Feds Start Small on Smart IDs

jcatcw writes "Some government employees will be getting smart ID cards beginning this week. The unfunded mandate to have all employees and contractors use Personal Identity Verification (PIV) cards is part of Homeland Security Presidential Directive 12. The U.S. General Services Administration is providing enrollment centers that can verify the identities of employees, fingerprint and photograph the workers, and issue PIV cards to them. The deadline for getting cards to all employees and contractors is the end of September 2008."

So what?

[Footix]

As long as these IDs are only being used to keep unauthorized people out of government buildings, there's nothing wrong with that - everybody should have an employee ID card anyways. It's only when Fancy-Schmancy National ID Cards(TM) become mandatory that we need to start worrying.

Re:So what?

[rts008]

Step by step is how it happens- so subtle you don't even realise until it's too late.

It's starting to get late, heading towards too late soon.

Re:So what?

[suv4x4]

As long as these IDs are only being used ... It's only when Fancy-Schmancy National ID Cards(TM) become mandatory that we need to start worrying.

Maybe you're not familiar with how to enroll a technology/change/law/regulation etc. that is wildly unpopular with the population.

And you do it, by enforcing it gradually. First to the most loyal circle of people, then wider and wider, gradually, quetly, setting a trend and preventing any mass outbreak against it.

As the amount of people with IDs grow, you now have some "passive support" from them when trying to enforce it on the rest. That is: they don't care if they have ID or not, and maybe they in fact would rather not, but if they would, then why the rest would have the privilege to be ID-free?

You don't have to look far to see how this works: see taxes. Noone likes to pay taxes, yet if someone (especially rich) is revealed to have hidden some of his taxes, the whole nation jumps against him, since they have to pay all those taxes, why not he?

Re:So what?

[MightyYar]

But what about this step is alarming? You can't just wave off ALL security measures because they might someday lead to a police state.

Re:So what?

[MightyYar]

So you think that our elected representatives should be able to shirk their duties without repercussion? They did the equivalent of taking their ball and going home because they didn't like how the game was going. They could have abstained from voting if they wanted. Shutting down the government is not acting on the will of the people, and the Senate rule allowing for arrest of quorum-busters was pre-existing - not some recent invention of the Texas Republicans.

In any event, they were not arresting "Democrats" as if they were Jews in Nazi Germany or political dissidents in the Soviet Union. You are still safe to espouse whatever beliefs you have about anybody with only social consequences.

Re:So what?

[MightyYar]

First, I want to compliment you on your well-crafted reply. I think that your points are valid - though it may be necessary to have SOME kind of biometric entry system. I think that recording an iris-print, for instance, is probably less of an invasion of privacy for the employees, and less prone to abuse since they are pretty useless for anything except security. They also do not carry the "criminal" stigma of fingerprints, and couldn't be spoofed as easily.

I think that biometric entry is SUPPOSED to improve the odds that the person that is holding the ID is actually who they say they are. In truth, this probably has little benefit to security. You can talk your way into almost any building, or simply enter the same door immediately after a real employee. That said, I don't think that this is much of an invasion of privacy, since AFAIK federal employees are already fingerprinted as part of their background check.

RF

[TheSHAD0W]

I have no problem with smart IDs themselves; but if they're RFIDs there's going to be trouble. Hopefully a few exploits will be tried while the system is being rolled out so our wonderful government regulators will realize there's a problem.

What's the alternative to RFIDs? Well, the alternative to contactless is non-contactless. You may remember the original American Express Blue cards with the little copper pads on one side. Similar "smartcard" technology has been used by other card makers, especially in Europe.

So what's the difference? The difference is that RFIDs can be accessed without one's notice, and it's difficult to determine whether or not you're safe. The RFIDs in US passports, meant to be accessed at a distance of no more than a few inches, has been read at distances of a few feet and detected from dozens of feet away. Do you want to advertise you're carrying around your valuable passport? I don't.

Re:RF

[CosmeticLobotamy]

Hopefully a few exploits will be tried while the system is being rolled out so our wonderful government regulators will realize there's a problem.

When has proof that a system doesn't work and is dangerous ever convinced a large group of politicians not to scale it up?

Re:RF

[EtherealStrife]

Um...HELLO? A relative of mine works at the local city hall (which adjoins the police department) and she's had an rfid card for the entire time she's worked there (over 15 years). The RFID battle is over for state/govt employees, it happened a LONG time ago.

In California a huge chunk of the population (myself included) has FasTrak. It allows automated toll processing for FasTrak lanes on freeways (carpool for the socially challenged) and for access to dedicated toll roads.

As much as I hate Bush, this is technology that has been in *use* for longer than he's been in office. Worry when they're mandatory for Average Joe, but until then this is old news.

Tin Foil Hat Brigade

[x_MeRLiN_x]

"from the small-start-leads-to-big-ending dept." How unusual is it for an employer to have some sort of an identity card scheme and why is it that this will no doubt inspire all sorts of comments about government privacy violations?

The right solution for the wrong problem

[thesandbender]

I've worked as a contractor for the Federal Government and the City of New York (which considers themselves a Federal Government). Most of the agencies I worked at had security that was an absolute joke. I'll give the guys at the DoE/Forrestal Building some credit as well as the Department of Juvenile Justice in NYC , they actually asked questions and took their jobs seriously. (The DoJJ guys in New York are the only ones who have flat-out denied me entry... no matter how much smooth talking I did. For whatever reason, the guards I came across took protecting the identities and lives of the children in overseen by the agency very, very seriously and I have the utmost respect for them because of it.) Most of the other security guards were too concerned about talking about the caboose of the last woman to walk through the metal detector.

The point is, no amount of technological or physical security is going to do any good if the people entrusted with its implementation are not trained to do their job properly or take it seriously. The only "serious" contracts I worked were at DoE but at the rest of the agencies I had access to enough information to financially ruin a good number of the people in the United States. Thankfully I worked with people who took that responsibility as seriously as I did but I can't help but feel that was through luck of the draw and not the success of the system.

Smartcards/RFID make sense if they going to be used and implemented properly (e.g. you picture is on the card and encrypted with a public key system so that the agency can verify that it's authentic and not a clever forgery... and the people at the desk care enough to actually check)... otherwise it's just another way for contractors/etc to make money and a waste of everyone else's time. /looking for the black helicopters

Re:I've had mine for a year

[MysticOne]

I was going to say the same thing. I'm a contractor and just started working with the DoD in April, and I have a Common Access Card as well. I don't know if other bases are using them in the same manner, but we even use them for base access now (unless you're somebody who, for some reason, doesn't get one).

Yup

[everphilski]

The same. We have a competent IT staff, haven't had any major snafus really. Mostly problems between the keyboard and the chair :)

Slick system, login via CAC card (common access card) with a PIN. Emails can be encrypted with a digital signature. When online training is completed it is automatically added to your record and signed with your key. Very slick system.

Other means of tracking

[Guitarhero1000]

I hate to say it but anyone who carries a cell phone is trackable. In fact, were using the internet right now. Trackable. It's all possible, and no one is safe from wrong-doings. But we can't phase out technology just because it's "Trackable". History tells us that in fact that this WILL be used for wrongdoings by government. It's a matter of WHEN it gets out of hand. And it will. Stay alert and cautious.

Re:your post falters in the second sentence.

[MightyYar]

Two VERY different circumstances. An airplane is public - of course ID provides little security. In the case of an access-controlled building, it's only common sense that better ID would increase security.