Full steam ahead for biometrics

Last issue we looked at biometrics-enabled passports using “smart card” technology, but before leaving this subject for a while there are one or two more things to mention.

I hadn’t thought about it, but recent statistics show that the U.S. government has issued more than 3.5 million smart cards. The Department of Defense issued the most, going to all military personnel. But smart cards are also used by the departments of Interior, State and Treasury for a wide assortment of activities including secured network access.

The success of these various programs is leading to the potential issuing of a single smart card specification to be used by all government employees when authentication and authorization are required.

The Office of Management and Budget (OMB – the cross-department administrative authority for the executive branch of the U.S. government) has set up a new committee, the Federal Identity and Credential Committee (FICC), to co-ordinate smart card technology across all government departments. While the courts and congress don’t come under the purview of OMB, it can be expected that their management arms will cooperate so that the smart cards developed are interoperable.

Once the federal government sets the specifications you can expect the state governments to begin jumping on the smart card bandwagon for not only all of their employees but also anyone they issue identity information to – such as all driver’s license holders. In time, this could lead to a universal smart card for all U.S. citizens.

Long before that occurs, expect for advocates to ask that biometric information be stored on the card to further authenticate the cardholder. There are many people who feel we aren’t ready for that step yet, including people in the identification and smart card industries (for example, see this U.K. news report, “UK ID scheme complex, costly, won’t work, says expert” https://www.theregister.co.uk/content/6/31700.html). But, gradually, the kinks should be worked out, people’s reluctance overcome and national ID cards with biometric data will be, well, universal.

At last week’s opening of the European Biometrics Forum (https://www.eubiometricforum.com/index.htm) in Dublin, Ireland, Gartner research director Anthony Allan cited user reluctance as the single biggest obstacle to widespread use of biometric data in identity management. He named privacy concerns as a primary showstopper. Not only are people worried that the government (or private industry, for that matter) would be able to track their movements, there’s also the widespread worry that corrupt government officials would sell identities to the highest bidder. While no two people may have the same fingerprints, it’s quite possible to associate the same identity with two different sets of prints – if you have the equipment used to encode and issue the smart cards.

Security surrounding the smart card issuing agencies will have to be even stronger than that in place for agencies issuing paper identity cards such as passports and driver’s licenses. But that should really be just another opportunity for the security and the identity management communities. We’ll follow up on these stories as more information about government smart cards and biometric passports becomes available.