The technology has been the stuff of movies for years: A secret agent
runs his fingertip and an encrypted ID card over a pair of sensors. There's
a match, and the door swings open.
In the coming months, a wave of government initiatives could start making such
high-tech methods of identification commonplace -- beginning with the replacement
this fall of federal employee IDs. Similar cards are planned for transportation
workers, first responders and visitors to the United States.
Packed with biometric data such as fingerprints and containing a computer chip
with room to expand the amount of information stored, the new IDs represent
a potential boon to technology companies eyeing an estimated $8 billion in identity-related
contracts. Firms such as BearingPoint Inc. and Lockheed Martin Corp. have set
up showcase identity labs, pulling technology from different companies into
turnkey operations. Hundreds of smaller companies, down to manufacturers of
plastic cards, are vying for part of the market.
The biggest business opportunity still looms: Driver's licenses, which
are due for a retooling under new federal laws.
"When you're talking about credentialing the federal workforce and contractors,
you're talking about maybe 10 million people. When you're talking first responders,
you're at 20, 30 or 40 million people," said Thomas Greco, a vice president
at Herndon-based Cybertrust Inc. "But when you're talking credentialing
all registered drivers in the United States, you're up to hundreds of millions
of people. Nobody is losing sight of that."
In an era of chronic concern over terrorism and anxiety over immigration, the
business of determining who is who has become increasingly urgent. But it is
not without controversy. Americans have long resisted the idea of a national
ID card, for example. The growing sophistication of computer databases and networks
has heightened privacy concerns -- as have data breaches, from the theft or
loss of government computers to AOL's online posting of 36 million keyword searches
conducted by hundreds of thousands of subscribers. If the pool of government
programs using the new identity technology gets large enough and the amount
of information collected gets detailed enough, "there will be a lot of
pressure for these programs to converge," creating a de facto national
identity system, said Barry Steinhardt, director of the technology and liberty
project at the American Civil Liberties Union.
Use of a new government standard may prompt the private sector to follow. The
banking, retailing and health-care industries are monitoring the federal initiatives,
ready to apply stricter identity standards when dealing with their employees
and customers. In an online world, the technology could also be used to establish
that two people who never meet in person really are who they say they are.
Federal agencies are supposed to begin issuing their new ID cards in October,
complying with a 2004 Bush administration directive requiring more stringent
methods for tracking who gets access to federal facilities.
The new cards must meet a rigorous federal standard that details -- down to
the size of the typeface -- what the new cards look like and how they are used.
At a minimum, the IDs will require fingerprints and possibly retinal scans or
other forms of biometric identification, depending on the agency. The cards
are also likely to incorporate magnetic strips, personal identification numbers
and digital photos, as well as holograms and watermarks to deter forgery. Before
employees and contractors can get their new credentials, they will have to submit
to a thorough background check, if they have not already.
By employing multiple methods of checking identity, officials hope to make
it as difficult as possible for someone other than a card's owner to use it.
Ultimately, the cards will determine not just who gets into buildings but also
who receives access to computer applications and files.
Because the information needed to verify an individual's identity won't take
up much space on the computer chip in each card, plenty more can be added. An
employee's skills, work hours, medical history and job evaluations, for example,
could all be included -- much to the dismay of civil liberties advocates.
Already, other federal programs are borrowing from the new standard for government
workers. A program to issue credentials to all transportation workers to monitor
who has access to air and seaports, for instance, will subject those workers
to much the same process as federal employees.
In addition, the Real ID Act, approved by Congress last year, aims to standardize
security features on driver's licenses by mid-2008. The Department of Homeland
Security has not yet set the standards that states will have to follow. It probably
won't include the advanced biometrics the federal government is using for its
employees, and states are pushing hard to avoid a complex reengineering of the
ubiquitous, low-tech driver's license.
Nonetheless, the companies that make the cards, the scanning devices and the
software needed to run identity systems are closely watching the driver's license
requirements. They say they understand the privacy concerns but also expect
that security will remain a top priority -- with ID standards likely to get
stricter, the technology more sophisticated, and the business more profitable.
"No one's going to want technology that just exposes them to more risk,"
said Greco, whose company, Cybertrust, focuses on information security.
At BearingPoint's McLean offices, the company has set up a room to show off
a range of identity systems, including machines for taking fingerprints, scanning
irises, recognizing faces or even differentiating between individuals based
on the shape of a hand.
"We think it's a terrific area of opportunity," said Gordon Hannah,
who leads BearingPoint's efforts to win identity contracts.
Earlier this month, the General Services Administration awarded BearingPoint
a five-year deal worth up to $105 million to supply new IDs to any agency that
wants them. Agencies that do not buy their cards through the GSA contract are
holding their own competitions.
That may be just the beginning. A recent study by the Stanford Washington Research
Group and an expert in identity management put the value of the 10 biggest U.S.
identity initiatives at $8 billion over the next five years, with an additional
$14 billion coming from overseas.
From those programs, identity businesses expect other opportunities to emerge.
"One of the inhibitors has been the cost of the technology. But with the
widespread adoption by the government, the cost of everything is going to come
down," said Jon Rambeau, director of credentialing at Bethesda-based Lockheed
State and local governments are considered major potential buyers. Among their
needs are credentials for first responders so that officials can verify the
identity of people who show up to help in the event of an emergency.
On the commercial side, too, boosters of identity technology say the opportunities
abound. Banks, for instance, may want secure cards that can guarantee that someone
trying to cash a check really is the intended recipient. Hospitals are looking
into using the identity systems for a more reliable way of accessing medical
records. And retailers have been working on allowing consumers to make purchases
with the swipe of a finger, instead of a card.
Nor do the opportunities stop at the U.S. border. California-based contractor
Computer Sciences Corp. has enrolled 40 million people in identity programs
worldwide. But on a planet of 6.5 billion, the company thinks it has only scratched
"Each country has exactly the same issues: How do you facilitate security,
facilitate movement across borders and protect privacy all at the same time?"
said Tim Ruggles, CSC's director of border and immigration solutions. "That's
a tough one."
Read from Looking Glass News
How Major Corporations and Government Plan to Track Your Every Move with RFID
need not be paranoid to fear RFID
US passports to be RFID chipped