By Andy Williams, Contributing Editor
Tired of the misinformation being pushed by the media, privacy groups and others regarding smart card technology–in many cases getting it confused with RFID–five organizations have decided to pool their resources in an attempt to set the record straight.
The simple mission of the Secure ID Coalition, which includes some of the largest chip and smart card producers–Texas Instruments, NXP (formerly Philips Semiconductors), Infineon, Gemalto and Oberthur–is to “promote the understanding and use of smart card technology” for physical and logical access “while maintaining user privacy,” according to the coalition’s new website.
“There are some concerns about privacy and security and it’s terribly important we get the straight information out about this,” explained Tres Wiley, director of e-documents for Texas Instruments.
The coalition was first unveiled during the National Conference of State Legislators meeting in Nashville, Tenn. in August.
“For two or three years, we had a loose ad hoc coalition working together on things on Capitol Hill,” explained Neville Pattinson, director of marketing and government affairs for Gemalto. “We’re all like-minded companies. We see the same benefits of promoting the technologies that we all have.”
Targeting places where trade associations hesitate to tread
While coalition members all belong to other trade associations, “we saw examples that maybe we needed to form a smaller, tighter group,” said Mr. Wiley. “Sometimes (associations) get a membership that’s so large, they have conflicting views about technology. They’re reluctant to offend any of their members, so their information isn’t as crisp as it should be.”
For example, the Smart Card Alliance “is not chartered for advocacy and lobbying,” said Mr. Pattinson. “Certainly we will advocate for the most appropriate technology, whereas the Smart Card Alliance is not able to do that. It can educate but it can’t push a specific technology.”
He said the coalition is “looking to add new members. We don’t expect it to grow into a huge organization. We don’t want to compete with others. We want to stay tightly focused on finding the appropriate technology while protecting privacy.”
As to the type of member the coalition is seeking: “They might be large system integrators, biometrics solutions providers, silicon producers, card manufacturers. They all would be welcome if they shared our values,” said Mr. Wiley.
“Education is a good chunk of our self-imposed charter,” said Mr. Wiley. “We want to be a source of information for people. The lay press needs a lot of coaching on the technology, otherwise they’ll mix apples and oranges.”
As to the reception from legislators, who could create the laws that could hinder or advance ID technology, “the response has varied all over the map,” said Mr. Wiley. “By and large the majority of legislators who came by our booth (at the National Legislators conference) were tremendously interested. They are all technically unsophisticated. It takes some careful time to explain the issue to them. Some have preconceived ideas and believe that allowing this technology to occur is tantamount to putting a tag in your body and being tracked by the government.”
Mr. Wiley calls the coalition a “virtual organization with each of us operating from our own offices,” but it’s likely the group could become more formal, including actually hiring someone to carry forth the coalition’s mission.
Regardless, “the center of gravity will revolve around Washington, D.C.,” said Mr. Pattinson.
The coalition isn’t just paying lip service to privacy advocates. “When we’re looking at ID applications, we want to ensure the appropriate security is present,” he said. “We want to preserve the privacy of the citizen so that we know who is using the credential and that it is communicating the necessary information to the external world. It’s like having a firewall…we’re very privacy conscious about digital credentialing.”
One area the organization will likely address is a “best practices” document, said Mr. Pattinson. “The Smart Card Alliance has best practices, so does the biometrics organizations. We certainly want to see the good work done by those organizations be utilized, but we may be looking at our own position documents. We will draw from what’s currently existing and create our own at some point in the future.”
Real ID, PASS, ePassports to receive specific attention from the coalition
With the confusion over RFID, Real ID and PASS looming, said Mr. Pattinson, more education is definitely needed.
The Real ID Act, which passed Congress last year, prohibits federal agencies (and airlines) from accepting state-issued driver licenses or identification cards unless they meet minimum security requirements, such as common machine-readable technology and certain anti-fraud security features. The act requires standardized driver licenses by 2008.
PASS, which stands for People Access Security Service, is a proposed card designed to meet the Western Hemisphere Travel Initiative (WHTI) requirements, which mandates that by Jan. 1, 2008, anyone entering the United States, including U.S. citizens, have travel documents that prove their identity and citizenship.
One of the coalition’s major goals is distinguishing between “traditional RFID technology and contactless that’s used for ID documents. We think there are mistakes being made, confusing the two,” said Mr. Wiley.
It didn’t help matters when the U.S. Customs and Border Protection Agency, a division of the Department of Homeland Security, proposed a PASS card that could be read up to 30 feet away. This would give the nod to RFID and leave out contactless. However, a draft report from DHS’ own people recommended against RFID usage.
“I think we would all agree as a coalition that RFID tagging is very inappropriate for ID documents,” said Mr. Wiley. “Skimming and counterfeiting are relevant with RFID but precluded with contactless.”
Added Mr. Pattinson: “We want to make sure folks understand what’s going on.” DHS’ advocacy of an RFID-based device “has a lot of privacy concerns. We’re trying to push the ISO 14443 technology used in passports.”
Speaking of passports, “Another goal is to ensure the public doesn’t lose confidence in the electronic passport,” he added. “It’s being unfairly tagged in the RFID camp. That’s incorrect. It’s one of the most secure documents ever produced.”
“We’re looking at what’s going on at the state level. We’ve been active in California with Sen. Joe Simitian (the legislation’s sponsor). If his bill doesn’t become law, we’ll continue with trying to make sure privacy issues are in place,” said Mr. Wiley.
The industry, he said, has signed off on a compromise that provides a set of interim methods that need to be followed while the state establishes a commission to formulate more detailed regulations, said Mr. Wiley.
Added Mr. Pattinson: “We’re working on a case by case basis. We’re positioning ourselves around the major debates. We definitely want to dispel the myths about smart cards. We’re going to be addressing the campaigns as they come up. Our strategy is simply wider education.”
For more information on the Secure ID Coalition, visit www.secureidcoalition.org.