Slashdot Mirror


Feds Start Small on Smart IDs

jcatcw writes "Some government employees will be getting smart ID cards beginning this week. The unfunded mandate to have all employees and contractors use Personal Identity Verification (PIV) cards is part of Homeland Security Presidential Directive 12. The U.S. General Services Administration is providing enrollment centers that can verify the identities of employees, fingerprint and photograph the workers, and issue PIV cards to them. The deadline for getting cards to all employees and contractors is the end of September 2008."

4 of 92 comments

  1. Unfunded Mandate? by R2.0 · · Score: 2, Informative

    So a Federal agency is paying for these with Federal dollars - what's unfunded about this?

    You may be thinking about the REAL-ID program, which is indeed an unfunded mandate. But this isn't it.

    Thanks for the flamebait anyway.

    --
    "As God is my witness, I thought turkeys could fly." A. Carlson
  2. The Actual Program Information (imagine that) by dnadig · · Score: 5, Informative

    In case anyone cares to actually LEARN what it is rather than just ramble on about how horrible the world is:

    http://csrc.nist.gov/piv-program/index.html

    It's a very sensible document (and HSPD12 is just the mandate, FIPS201 is the implementation). All it does (ALL) is say "agencies need to have a process in place to make sure Joe is Joe, and they need to give him a card that says he's Joe, and it needs to look like this."

    It doesn't actually go further than that. It outlines an interoperable infrastructure based on dirt simple, well understood, highly tested smart card stock, lays out minimum requirements for readers, and puts a system certification process in place. The "tech" part of this is really quite simple and boring for anyone who's spent more than 10 minutes thinking about PKI or smartcards.

    The much much more important part of this is the credentialling part (PIV-1) which has been in place for a year. This establishes clear lines of responsibility and clear processes for actually establishing that Joe is Joe, and at least an attempt to make sure that, say, the Defense Manpower Data Center is using the same process as the Janitor's closet in the Department of Education. This is a GOOD THING people. It's about breaking down silos and creating (gasp) an open standard for strong(er) authentication.

    That's right folks, an open interoperability standard sponsored by the US of A. Wanna make sure your corporate ID is just a wee bit futureproof? Read the FIPS201 docs and mimic the data model and tech requirements.

    OK, back to the sarcasm-laced punditry. Thanks for playing.

  3. Re:So what? by JimBobJoe · · Score: 2, Informative

    everybody should have an employee ID card anyways

    They should? Why? What exactly is achieved?

    The only circumstance I think it's justifiable is hospitals and other situations in which there's a lot of employees mingling with non-employees. Even then, I think I might be justifying that psychologically because I can't find any other logical basis for the card.

    I've cautioned against employee ID cards with the name/logo on the card. I believe this presents a major liability problem if the employee (or someone else who looks kinda like the employee) decides to use the card for a nefarious purpose. If you must have an ID card, it's best that the card not indicate the issuer. The human mind processes the photograph-to-face comparison so quickly that other things can be missed.

    Some security types and myself were discussing the odd fetish for employee ID cards. One suggested that if a building insists on having one, it would be better to have the document not contain a photograph, but instead stick with the description information (height, weight, eye color--like a non-photo driver's license.) The reason for this is that security guards would be more likely to give a better look at the person holding the card and might be more likely to pick up something that's amiss.

  4. Re:Question, then comment by everphilski · · Score: 2, Informative

    And the country's health care quality and affordability for everyone (not just the fortunate few that can afford it) may improve towards that which people in most other developed countries enjoy.

    Very few government regulated things (there are exceptions but they are exceedingly rare) are more efficient and cost-effective than things run by the private sector. This includes health care. You get what you pay for, and guess how much taxes will go up to subsidize this new health care?

    No thanks, I'm very happy with my very low (relative to other costs of living) copay for insurance and the ability to see a doctor on a whim. I have Canadian friends and they tell me about waiting in line to see a doctor. No thank you.