Time to Standardize ID Cards
June 26, 2002
There now is various business, security industry and government actions aimed at standardizing state and Federal identification systems for enhanced national security and the prevention of terrorism. The actions will influence the evolution of access control and identification cards and badges used by most businesses. Just last month, for example, President Bush signed into law a border security measure that, among other things, requires travel documents to contain machine-readable data such as fingerprints. Earlier this spring, the Security Industry Association (SIA), the trade association of security technology and service firms, through its Homeland Security Advisory Council, went on record urging Congress to enact even more legislation to standardize and modernize existing technology and practices used to identify and authenticate individual identity, specifically state and federal IDs; and develop sound policy to drive this standardization that is designed to keep citizens safe, while not infringing upon freedoms.
Uniform appearances—ink types, colors, engravings, type of paper or plastic, size, shape, black light sensitive imaging);
Data set—photo, address, date of birth, digitally imprinted thumb print);
Incorporated technology—holograms, microchip, magnetic strip, bar code, proximity card, smart card, reader type);
Production requirements—identification of approved manufacturing practices; printer DPI settings, material specifications); and
Protocols and conditions for identification issuance—documents required as proof of identity in order to secure an ID card; establishment of 2-day waiting period, background checks).
The SIA policy states, “In a country where a driver’s license is viewed as positive proof of identity and also allows for the acquisition of other identity documents, such as social security cards, birth certificates and passports, it is critical that some measure of security be placed on the production, issuance, and authentication of these powerful access devices.”
Developments in the government sector will spill over the business and commercial use of ID and access cards. In addition, there are some product makers who have developed visitor access control systems based on the ability to “read” and audit trail people’s driver’s licenses.
The security industry trade association believes that enacting Federal standards that dictate the baseline levels at which state and Federal identification cards/documents will be securely produced, issued and authenticated will, no doubt, require significant economic and political investments in policy development, software
Because of this controversies surrounding a national identity card or program, the SIA policy admits “it will take a significant amount of education and consensus building on this issue as civil liberties and privacy groups are seeking to derail the underlying security needs implicit in securing our nation’s identification documents.”
But the SIA Homeland Security Advisory Council statement relates that “it is of paramount importance to develop sound policy that will drive the efforts to standardize certain identification documents such as driver’s licenses and passports. This policy should work to counter misinformation and paranoid scenarios that depict government tracking of the general public.” So it’s not surprising that the SIA advocates for strict policy controls and closed loop databases that work to ultimately protect the public’s right-to-privacy while securing against fraud and identity theft
The association also believes ultimately that technology, such as smart card technology, will play a significant role in safeguarding a person’s identity and in making it nearly impossible to fraudulently produce a verifiable identification card. Given the need to secure, modernize and standardize the nation’s identification systems for homeland defense purposes, it is necessary to embrace this undertaking 100 percent or not to embrace it at all. Less than a full commitment to reforming and securing our nation’s identification system will not work to counter misinformation from privacy and civil liberty organizations, according to the industry group’s statement.
Still, concepts like “trusted traveler” are controversial. Richard E. Smith, Ph.D. CISSP, and author of Authentication – From Passwords to Public Keys, published by Addison Wesley, says that “while I agree that it’s possible to build a hard-to-forge authentication card for trusted travelers, I don’t believe the notion is practical. The reasons have little to do with technology. The first problem is that the security checkpoints are intended to interdict a broad range of dangerous items, and it’s unrealistic to trust a large population of ‘trusted travelers’ to police themselves. If a dangerous item gets aboard a plane, it doesn’t matter how it got there once a terrorist gets hold of it. The existing arrangement tries to eliminate dangerous items by checking everyone, and this reduces the risk of people breaking the rules innocently or intentionally.”
He goes on to say, “The second problem has to do with adjudicating the background checks: once you have the results in hand, how do you decide to deny a card?…or must you have had some documented association with a terrorist organization? What constitutes adequate documentation? Can a ‘reformed terrorist’ file suit to receive a trusted traveler card? If the adjudication process can’t eliminate 100 percent of terrorists without being unfair to some large number of travelers, then the responsible organizations will spend a lot of time in court.”