US ID projects on a converging path
The TWIC card (Transportation Worker Identification Card) is now on its way with the first cards issued by TSA (Transportation Security Agency) in the port of Wilmington, Delaware (cf. Smart Insights #07-40). Then, 50 other ports will start issuing TWIC by January 2008, and TSA expects to have all of the TWIC credentials issued within the next 15 months. The TWIC card is a dual interface (ISO 7816 contact and ISO 14443 contactless) microprocessor card containing the worker’s fingerprint template. The TWIC program is being implemented in two parts, first getting ID cards issued and then deploying readers at entry points to the ports (cf. SI #07-26). The next step is to pilot test readers in labs, with full operational tests planned for mid 2008.
Now, the DHS' Customs and Border Protection agency is considering allowing TWIC card holders to use them as a credential to enter the United States.
The PASS (People Access Security Service) card, part of the WHTI (Western Hemisphere Travel Initiative) is not fully defined yet (cf. SI #07-25). The DHS and State Department have been considering long range RFID for the PASS card, raising objections from many parts of the industry such as the Smart Card Alliance (cf. SI #07-22). The DHS plans to launch the WHTI program by January 2008, but the PASS card may not be part of it at the beginning. Full implementation of the WHTI is only to happen by the end of 2008.
At the same time, Washington State is running a pilot to use enhanced driver’s licenses as a means of identification at border crossings (cf. SI #07-13). This pilot will use long range RFID and will issue its first cards in January 2008.
US civil servants and contractors are on the way to get PIV-II (Personal Identity Verification) cards (cf. SI #07-37). This program has been started as a consequence of HSPD-12 (Homeland Security Presidential Directive). The GSA (General Services Administration) is acting as an issuer and systems administrator for other federal agencies: 67 of them representing 860,000 federal employees have agreed to have their cards issued by GSA under a shared services contract. GSA calls the program "USAccess", and charges a US$ 49 (EUR 34.50) initial cost for PIV-II credentials, with an ongoing US$3 (EUR 2.10) per month infrastructure support cost.
An estimated 1.8 million federal employees will get the PIV-II cards.
DoD (Department of Defense) employees (cf. SI #07-16), who already have the smart card based CAC (Common Access Card) will not get a PIV-II. However, CAC, like PIV-II, delivers both physical access to facilities and information system access.__Registered Traveler__
The smart card based "Registered Traveler Program" allows American frequent flyers to go through airport security quicker thanks to a biometrics authentication (cf. SI #07-25). Several systems integrators have been selected to provide Registered
Traveler system, including Unisys, Saflink, Verant Identification, Vigilant Solutions, ... 12 airports are already equipped including JFK, Newark, San Francisco and San Jose, and other large airports expected soon.
There are plans to include a contactless communication feature in driver licenses and to allow American citizens to use them for border crossing (cf. SI #07-20). But current projects consider using long distance RFID technology, something the smart card community strongly opposes. Long distance RFID creates a security issue, as it transmits an ID number up to 10 meters away, with no active security, and can be cloned easily.
The Center for Democracy and Technology (CDT), a public interest, public policy not for profit organization focused on civil liberties and technology policies, has developed guidelines for privacy and security. The CDT views align closely with those of the Smart Card Alliance in opposing the use of RFID technology for government issued identity credentials.