We all remember those early college years; bar-hopping the nights away and eating at restaurants of questionable repute at 3:30 a.m. Your pass into the three, four or five bars on the itinerary was your driver's license. It was the only credential you could offer bartenders and bouncers to prove you were of legal drinking age.

Over the course of any given day, this scenario is re-enacted at grocery stores, banks, gas stations or restaurants, though with an important caveat - at these businesses, you produce your driver's license to prove your identity so business transactions can be completed.

Somehow, the lowly driver's license - meant originally to prove only that the holder can legally operate a motor vehicle - took on completely different purposes. It's now the one card you use to prove your identity and as a credential to access certain places or buy certain things.

It's a long-recognized problem, but absent any real crisis to act as a motivating force, policymakers adopted a laissez-faire attitude and focused their attention elsewhere.

Unfortunately 9/11 forced the problem into the spotlight. The driver's license, in particular, fell under intense scrutiny because many of the terrorists falsified drivers' licenses to board the jetliners used in the attacks.

Policymakers hurriedly dropped the "What, me worry?" stance and duly issued legislation, the Real ID Act, to drastically alter how states issue drivers' licenses. Even before Real ID, the Bush administration issued a series of directives targeting homeland security, one of which, Homeland Security Presidential Directive-12 (HSPD-12), completely changed how the federal government issues credentials to government employees and contractors.

Critics, however, say government-led efforts seek to solve the wrong problem because the "solutions" are based on a misunderstanding of the concept of identity. Some critics also contend that, to succeed, wide-ranging identity management initiatives must be public-private partnerships instead of government-mandated programs.

 

Uncle Sam's ID Card
Since 2004, the federal government has struggled with its own identity and credentialing issue, HSPD-12. The directive is the federal government's strategy to eliminate variations in the quality and security of identification systems used to control access to federal facilities that could be potential terrorist targets, according to the directive.

"It is the policy of the United States to enhance security, increase government efficiency, reduce identity fraud and protect personal privacy by establishing a mandatory, governmentwide standard for secure and reliable forms of identification issued by the federal government to its employees and contractors, including contractor employees," the directive states.

When articulated in wonk-speak, HSPD-12 seems almost easy. In the real world, however, HSPD-12 mandates the creation of a single identification card for approximately 4 million federal employees that can be used to access any federal building, facility and computer system - not an easy row to hoe.

One significant problem is the existence of more than a dozen agency-specific systems for issuing badges and credentials, systems that maintain data on those badges and credentials in separate data records, said David Temoshok, director of identity policy and management for the Office of Governmentwide Policy in the General Services Administration.

"What the presidential directive did on the broadest scale possible was to require that those individual systems be interoperable," Temoshok explained, "that the cards have the capability to be read in different readers in different agencies, to have data exchange across systems, and data validation to allow authentication across agencies to occur."

To make this happen, agency CIOs, human resources managers and physical security personnel must jointly create standard processes that integrate access to physical facilities and information systems. Because the cards contain personally identifying information about federal employees, agency privacy officers will also be heavily involved.

"HSPD-12 really has mandated a cultural change to

Shane Peterson  |  Associate Editor