Single Government ID Moves Closer to Reality
High-Tech Cards Are Designed to Bolster Security


By Christopher Lee
Washington Post Staff Writer
Thursday, December 30, 2004; Page A25

http://www.washingtonpost.com/wp-dyn/articles/A35071-2004Dec29.html 

Federal officials are developing government-wide identification card standards for federal employees and contractors to prevent terrorists, criminals and other unauthorized people from getting into government buildings and computer systems.

The effort, known as the Personal Identity Verification Project, stems from a homeland security-related presidential directive and is being managed by the National Institute of Standards and Technology (NIST), a Commerce Department agency with offices in Gaithersburg.

In his Aug. 27 directive, President Bush said that "wide variations in the quality and security of forms of identification used to gain access to secure federal and other facilities where there is potential for terrorist attacks need to be eliminated." Bush called for the development of "secure and reliable forms of identification" for federal workers and contract employees.

To that end, federal officials want to replace the existing piecemeal system of agency-level ID cards with "smart cards" that are hard to counterfeit, resistant to tampering and difficult to use by anyone other than the rightful card-holder if lost or stolen.

The new generation of ID cards must be able to digitally store biometric data such as facial photographs and fingerprint images, bear contact and contactless interfaces, and allow the encryption of data that can be used to electronically verify the user's identity, according to NIST draft standards.

Such cards will be required for all federal employees, including members of the military, as well as for employees of private organizations and state and local governments who regularly require access to federally controlled facilities and computer systems. That is a universe of more than 2 million people, said W. Curt Barker, the project manager at NIST.

Barker said the new standards will include tougher background check requirements before many recipients can get their agency ID card. Access to particularly sensitive offices or systems still will require higher clearance, he said.

"There's wide variations in the quality and security of the forms of identification that people use to get access to federal facilities," he said. ". . . To be completely foolproof will be extraordinarily difficult, but we can raise the risk for the terrorist or other person who wants to fraudulently enter a facility and make it a little bit more difficult for them to get in."

The common standard also will enable many employees who shuttle between departments to enter different buildings with one card. NIST, which has spent about $1 million on the project so far, expects to complete the new standards by late February. Employees could start using the new cards as early as fall 2005, Barker said.

Several departments, notably defense, transportation and interior, began developing more secure, high-tech ID cards long before Bush issued the directive, he said. The trend ultimately could affect private sector workers, as well. Experts say the federal government's adoption of tighter ID card standards could spur more private businesses to follow suit.

Some federal employees have concerns about the new cards.

Colleen M. Kelley, president of the National Treasury Employees Union, which represents more than 150,000 federal workers in 30 agencies, said the proposed standard would permit agencies to print employees' pay grade and rank on the new cards, which many workers would consider an invasion of privacy.

"For example, an agency might seize upon this technology as a means to track employees as they move throughout a building," Kelley said in written comments to NIST last week. "That is troubling, standing alone. It would be particularly objectionable if the agency tried to track visits to particular sites such as the union office, Employee Assistance Program offices and the inspector general's office."

NIST has gathered comments on the draft standard from more than 500 entities and individuals but has not made them public.

On Jan. 19, the agency will hold a public meeting at the Potomac Center Plaza in downtown Washington to discuss policy, privacy and security concerns associated with the development of the new ID card standard. Anyone who wants to attend must pre-register by Jan. 11 by e-mailing Sara Caswell, a NIST official, at sara@nist.gov, according to a notice in yesterday's Federal Register. Questions regarding registration can be directed to Caswell at (301) 975-4634.