BY JOSEPH A. NAUJOKAS, NAUJOKAS & ASSOCIATES,
ICMA STANDARDS REPRESENTATIVE
This is a follow up to the November/December issue column, "What
is a Secure ID Card?". Much has happened in secure cards since
then so lets take a look. There is no doubt that Biometrics is a major
part of the future of Secure ID Cards, as well it should be.
The U.S. legislature passed a law requiring tighter security across
the borders using technology and assigned NIST (National Institute for
Standards and Technology) the responsibility to develop the technologies.
Shortly afterwards, as one of the elements towards this goal, NIST created
a new standards committee, NCITS M1 Biometrics. The initial intent is
to Fast Track (see column in Year End issue) existing documents into
ANSI standards, with the goal to have them adopted as International
standards. The first meeting took place in January.
One major document is the fingerprint system currently in use by the
U.S. Government. While the system works well in the U.S., an International
standard is needed to facilitate exchange of data on a worldwide basis.
The U.S. global war on terrorism will require rapid exchange of data
to hunt down suspected terrorists. This system is inappropriate for
ID cards as it is more applicable to criminal investigations in performing
one to many comparisons. The interoperable finger imaging system developed
in B10 and proposed for an International standard is intended for one
to one comparison to insure the cardholder is the same person identified
on the card. This will be true as well for the Iris Scan and the Facial
Imaging system.
The American Association of Motor Vehicle Administrators (AAMVA) has
been very active with internal and external discussions on the future
of drivers licenses and is now advocating uniform standardized machine
readable data and security features including biometrics to ease the
recognition of counterfeit licenses across jurisdictions. Although this
portends of a National ID Card, the AAMVA is now officially recognizing
that the U.S. Drivers License is already used extensively as an official
government photo ID by private industry and government agencies. In
fact, most states already issued ID cards that have the same security
features of a drivers license to those who do not drive.
NCITS B10 is moving towards introducing work on interoperable Finger
Imaging, Iris Scanning and Facial Imaging standards to the International
committee. B10 was ready to introduce working drafts of Finger Imaging
and Iris Scan to SC17 for development of International Standards. A
U.S. Convenor has volunteered to head up the new WG11 Biometrics Working
Group. However, the effort has been stopped by NCITS to re-evaluate
NCITS strategy for biometrics. Since B10 was the driving force in SC17
Biometrics activity, this also halted the SC17 effort. We should know
the outcome of the re-evaluation by the time this is published and will
report on it accordingly.
AAMVA convened a meeting in December with its Industry Advisory Board
(IAB) and the U.S. Secret Service "to develop, on a worldwide basis,
more secure ID systems and procedures for the future." The U.S.
Secret Service, an arm of the U.S. Treasury, has over 15 years of experience
in investigating credit card fraud in the U.S. The committee is looking
at all aspects of a secure card, including traceability of output devices
and card materials. They have formed task groups to investigate:
Most of this is U.S. activity because of Sept. 11, however, I believe
it will lead to international implementation. Also, while the effort
is concentrated on drivers licenses and other travel related documents,
I also believe that the technologies and techniques will eventually
find their way to credit cards and other card implementations. It is
also interesting to note that the U.S. Secret Service is opposed to
issuance of cards for periods longer than 3-5 years because there is
more risk for a security problem. So, this activity bodes well for card
manufacturers and issuers, for more cards and more value added to the
cards.