Government Technology - October 2007 - (Page 33)

Access Granted that integrate access to physical facilities and information systems. Because the cards contain personally identifying information about federal employees, agency privacy officers will also be heavily involved. “HSPD-12 really has mandated a cultural change to ensure that those different organizations work collectively on this implementation in very short time frames and under very key milestone dates in order to implement systems that, across those organizations and across the board, meet our control and implementation requirements,” said Temoshok. Though HSPD-12 specifically targets federal employees, standardizing the way federal agencies collect personally identifiable information from those employees and encode that information into HSPD-12-compliant identity cards might impact everyday U.S. citizens. Various communities, including state and local governments, first responders, the health-care industry and international organizations, have expressed interest in the Federal Information Processing Standard 201 (FIPS 201), Temoshok said. Officially titled Personal Identity Verification of Federal Employees and Contractors, FIPS 201 was created by the National Institute of Standards and Technology (NIST) as the federal government’s standard for personal identity verification (PIV) based on secure and reliable forms of identification credentials. FIPS 201 also addresses requirements for initial identity proofing, infrastructures to support interoperability of identity credentials, and accreditation of organizations and processes issuing PIV credentials, according to NIST. “This is not a national ID card, but it is a national identity standard for the federal government that we can point to,” Temoshok said. “Across those groups, we’ve seen great interest in adopting those standards and potentially implementing solutions that can interoperate with the deployments we’re putting into place across the federal government. “We had hoped for that,” he continued. “We’re very pleased and surprised to see that level of interest, and even across those diverse communities.” HSPD-12 mandates the creation of a single identiﬁcation card for approximately 4 million federal employees that can be used to access any federal building, facility and computer system. This image shows some of the features of an HSPD-12 compliant card. Information about the cardholder veriﬁes identity and authorizes the individual to access speciﬁed facilities. Detailed cardholder information is now stored electronically. All data in the card must be read by an HSPD12 compliant card reader. New HSPD-12 Card SOURCE: ENTERPRISE AIR “The first mistake is that a lot of people are assuming that identity is a single, uniform thing — that each of us has one, and it starts with us when we’re born and it ceases when we die,” Harper said. “That’s just not the case, and the people who actually work on these problems recognize that.” A person has many identities, he said. The identity shared with family differs from the identity shared with a financial services provider, which may not be the identity shared with the IRS, which is separate from the identity shared with a librarian, he said. Harper, a member of the Department of Homeland Security’s Data Privacy and Defaulting to Identity Despite the rush to fortify the driver’s license and federal credentials, detractors suggest that the policymakers’ approach solves the wrong problem. The issue isn’t the security of either document, said Jim Harper, director of information policy studies at the Cato Institute. He said the real problem is a misunderstanding of the identity concept. Jim Harper director of information policy studies, Cato Institute Integrity Advisory Committee and author of Identity Crisis: How Identification Is Overused and Misunderstood, said he and former Utah CIO Phil Windley arrived at the same conclusion. “He expressed it very well [in his book, Digital Identity],” Harper said. “An identity is a relationship. There isn’t just one relationship you have with the government, and that defines every other relationship you have. So the idea that we’d have an identity system structured as a government-created identity system is equally inaccurate.” This mindset is what caused the driver’slicense-as-credential problem in the first place, he said, and America is still locked into the idea that there’s a simple way to create a single, uniform identification system. It’s a holdover from days gone by, he explained, when so many transactions used to happen face-to-face and proving your identity was crucial to carrying out those sorts of transactions. Harper said he sees two tracks developing in the struggle to alter identity management: One track is the government-backed, cardbased identification, such as Real ID. The other is the private-sector backed, digital identity management track, such as Microsoft’s CardSpace, which lets users manage their portfolio of digital identities and is part of the new Vista 33 http://www.govtech.com

Table of Contents Feed for the Digital Edition of Government Technology - October 2007

Contents Point of View Big Picture The Last Mile GT Spectrum Letters How It Works Cerf on the Net Way Back Machine Separation Anxiety Let's Roll Rising to the Challenge Wednesday Afternoon Fever Parking Possibilities Products Signal: Noise

Government Technology - October 2007

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.