New federal employee IDs coming this fall, biometric firms giddy
As The Washington Post reports, a slew of fresh government initiatives are set to begin to take effect this fall, starting with new biometric-loaded ID cards for federal employees. In addition to requiring all employees to undergo background checks (don't they do that already?), the new standards developed by the National Institute of Standards and Technology will require the cards to include fingerprints at a minimum, and likely also include magnetic strips, personal identification numbers, digital photos, holograms, and watermarks. That should cover some 10 million employees, but that's a drop in the bucket compared to what's really getting the biometric companies excited: the prospect of tricking out every driver's license in the country with biometric goodness (or badness, depending on your perspective). While standards for that have yet to been set, the Real ID Act has set mid-2008 as the cut-off date to settle on the format of next-gen licenses once and for all.
Filed under: Misc. Gadgets
Reader Comments (Page 1 of 1)
SOLO @ Aug 30th 2006 12:37PM
i bet some dumbass is going to copy that pic thinking it is the finished product and then try to use it at a gov building or something
Kevin @ Aug 30th 2006 12:40PM
I for one don’t welcome our giddy biometric federal employee ID tag overloads
So they can’t get the chip in the hand so they are putting it here. Then like the article says next will be the drivers licenses and then after that they will try to get people to agree to the chip in the hand thing again. They take 2 steps forwarded then one step back. Everyone is happy that they stepped back but forget they are still one step closer. Now don’t get me wrong I am all for background checks and things like that but the question is where do you draw the line for stuff like this.
WamBam @ Aug 30th 2006 1:24PM
It's going to be so much harder for the youth of tommorrow to drink underage and for that, I pity them.
Philmatic @ Aug 30th 2006 1:28PM
Silly government, why not use a already existing standard for identification?
DoD has been using the Common Access Card (CAC) for years now: http://en.wikipedia.org/wiki/Common_Access_Card
Nothing special, it's just a printed smartcard with your Name, SSN, Fingerprints, and Rank. Encrypted of course, but allows for univerisal indetification and single sign on capabilities to most DoD networks (Air Force).
BukkakeParty @ Aug 30th 2006 1:32PM
Looks exactly like the current military ID's. If anything it'll make logging into computers easier and faster.
Matt @ Aug 30th 2006 1:35PM
That IS a CAC (common access card) -- see the smart chip on the bottom? The CAC has undergone several revisions, and the next revision includes RFID for proximity-sensor building/room access. Biometric (fingerprint) data has been included since the CAC was developed.
brentsf @ Aug 30th 2006 1:41PM
Apparently the government IDs of the future will expire in 18,005 years. Better hope you have a good picture on there.
George Bush @ Aug 30th 2006 2:20PM
Yep Matt. We already use CAC to get into our building.
Tracy L @ Aug 30th 2006 2:31PM
I confess. I'm a fed. And we've been talking about this for over a year. It's all part of HSPD-12, the idea that we have ONE authentication source as opposed to a badge for building access, RSA tokens for remote access, user/pass for computer access, etc. Here's a link to the doc...
http://www.whitehouse.gov/news/releases/2004/08/20040827-8.html
Another ambition is that someday this card from MY gov't office will work when I go visit a completely different branch of gov't like DOE or DoD.
David @ Aug 30th 2006 2:46PM
REAL ID Act is the worst thing to ever happen to this country to date.
It sets us on a course for becoming more and more of a police state. It is only a matter of time before they will require us to carry our ID's with us at all times, therefor, we will not be able to leave our homes without a hallpass from the government.
Pitty this Congress.
BW @ Aug 30th 2006 3:41PM
I hate to break it to you, but it is already the Law to carry your ID on you all the time. I know the states I have lived in TN, FL, and AL. If a officer ask for ID and you cant provide any, time to go to jail.
Timothy @ Aug 30th 2006 3:42PM
@David
They already do require you to carry ID. The police can ask for ID at any time, for any (or no) reason, and detain you if you don't have it.
Erik @ Aug 30th 2006 4:09PM
@David....waaaaaaaaaaaaaaaaaaaa, you don't like it, then move to Canada and stop your whining.
Travis Beard @ Aug 30th 2006 4:34PM
Germany for one already requires you to always have your ID on you.
Jon @ Aug 30th 2006 4:40PM
From Schneier's blog: http://www.schneier.com/cgi-bin/search/search.pl?Terms=real+id&Realm=blog
As a security technologist, I regularly encounter people who say the United States should adopt a national ID card. How could such a program not make us more secure, they ask?
The suggestion, when it's made by a thoughtful civic-minded person like Nicholas Kristof in the New York Times, often takes on a tone that is regretful and ambivalent: Yes, indeed, the card would be a minor invasion of our privacy, and undoubtedly it would add to the growing list of interruptions and delays we encounter every day; but we live in dangerous times, we live in a new world....
It all sounds so reasonable, but there's a lot to disagree with in such an attitude.
The potential privacy encroachments of an ID card system are far from minor. And the interruptions and delays caused by incessant ID checks could easily proliferate into a persistent traffic jam in office lobbies and airports and hospital waiting rooms and shopping malls.
But my primary objection isn't the totalitarian potential of national IDs, nor the likelihood that they'll create a whole immense new class of social and economic dislocations. Nor is it the opportunities they will create for colossal boondoggles by government contractors. My objection to the national ID card, at least for the purposes of this essay, is much simpler.
It won't work. It won't make us more secure.
In fact, everything I've learned about security over the last 20 years tells me that once it is put in place, a national ID card program will actually make us less secure.
My argument may not be obvious, but it's not hard to follow, either. It centers around the notion that security must be evaluated not based on how it works, but on how it fails.
It doesn't really matter how well an ID card works when used by the hundreds of millions of honest people that would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.
The first problem is the card itself. No matter how unforgeable we make it, it will be forged. And even worse, people will get legitimate cards in fraudulent names.
Two of the 9/11 terrorists had valid Virginia driver's licenses in fake names. And even if we could guarantee that everyone who issued national ID cards couldn't be bribed, initial cardholder identity would be determined by other identity documents... all of which would be easier to forge.
Not that there would ever be such thing as a single ID card. Currently about 20 percent of all identity documents are lost per year. An entirely separate security system would have to be developed for people who lost their card, a system that itself is capable of abuse.
Additionally, any ID system involves people... people who regularly make mistakes. We all have stories of bartenders falling for obviously fake IDs, or sloppy ID checks at airports and government buildings. It's not simply a matter of training; checking IDs is a mind-numbingly boring task, one that is guaranteed to have failures. Biometrics such as thumbprints show some promise here, but bring with them their own set of exploitable failure modes.
But the main problem with any ID system is that it requires the existence of a database. In this case it would have to be an immense database of private and sensitive information on every American -- one widely and instantaneously accessible from airline check-in stations, police cars, schools, and so on.
The security risks are enormous. Such a database would be a kludge of existing databases; databases that are incompatible, full of erroneous data, and unreliable. As computer scientists, we do not know how to keep a database of this magnitude secure, whether from outside hackers or the thousands of insiders authorized to access it.
And when the inevitable worms, viruses, or random failures happen and the database goes down, what then? Is America supposed to shut down until it's restored?
Proponents of national ID cards want us to assume all these problems, and the tens of billions of dollars such a system would cost -- for what? For the promise of being able to identify someone?
What good would it have been to know the names of Timothy McVeigh, the Unabomber, or the DC snipers before they were arrested? Palestinian suicide bombers generally have no history of terrorism. The goal is here is to know someone's intentions, and their identity has very little to do with that.
And there are security benefits in having a variety of different ID documents. A single national ID is an exceedingly valuable document, and accordingly there's greater incentive to forge it. There is more security in alert guards paying attention to subtle social cues than bored minimum-wage guards blindly checking IDs.
That's why, when someone asks me to rate the security of a national ID card on a scale of one to 10, I can't give an answer. It doesn't even belong on a scale.
Jeremy @ Aug 30th 2006 4:49PM
No biggie here, we have been using CAC's at my company for a couple of years with the Smart Chip. It's kind of nice at the cafeteria, because you just swipe your badge and it automatically gets deducted from payroll.
Whynot @ Aug 30th 2006 7:12PM
Why is it that federal employees aren't going to have RFID chips in their biometric ID? Oh wait! Maybe it's not safe enough for them! Yeah, RFID is just for the masses... :P
SumDumGuy @ Aug 30th 2006 11:11PM
This is fairly typical of the government. We had smart cards at interior for years and they spent a cool million installing smart card readers on ever users desktop. Every last one of those reader is sitting dormant at Interior. Why? Cause they couldn't get the drivers to work. (With the smart cards I assume, the the readers showed up as valid win32 devices.)
My take? Yet another retarded initiative that will quietly die after a few years once the retards in government IT can't figure it out.
Matt @ Aug 31st 2006 1:34PM
that metal thing looks like a sim card of a gms phone..
Mike @ Aug 31st 2006 7:20PM
@Jeremy
Yes indeed, I love to be able to buy from either of our cafe's and not have to worry about having money :) Does a fine job working the elevators as well =)
More power to CAC :)
Biometrics @ Sep 12th 2006 12:17PM
To learn more about biometrics, click my name!
Sameha @ Feb 25th 2007 3:54AM
Biometric devices are making transnational communication much easier, safer and more reliable. Tracking clients/citizens is getting faster. I am a representative of an established research based biometric firm named M2SYS Technology http://www.m2sys.com/
based in Atlanta Georgia. We have provided our fingerprint scanners to numerous organizations like public safety, government institutions, healthcare etc., starting from medium to large across various countries, who are now making a very fast and reliable tracking and record service through integrating our secured fingerprint identification system in their software. Our’s is a patent-pending fingerprint software solution that can be instantly integrated with a host application, avoiding development burdens associated with a fingerprint SDK. We also offer several off-the-shelf fingerprints software products that are distributed to the end user market through our expanding list of channel partners. I believe to keep up with speed of service and tracking the citizens in an efficient way, finger print scanners are one of the best solutions.