October 5, 2007 By Shane Peterson
ensure that those different organizations work collectively on this implementation in very short time frames and under very key milestone dates in order to implement systems that, across those organizations and across the board, meet our control and implementation requirements," said Temoshok.
Though HSPD-12 specifically targets federal employees, standardizing the way federal agencies collect personally identifiable information from those employees and encode that information into HSPD-12-compliant identity cards might impact everyday U.S. citizens.
Various communities, including state and local governments, first responders, the health-care industry and international organizations, have expressed interest in the Federal Information Processing Standard 201 (FIPS 201), Temoshok said.
Officially titled Personal Identity Verification of Federal Employees and Contractors, FIPS 201 was created by the National Institute of Standards and Technology (NIST) as the federal government's standard for personal identity verification (PIV) based on secure and reliable forms of identification credentials.
FIPS 201 also addresses requirements for initial identity proofing, infrastructures to support interoperability of identity credentials, and accreditation of organizations and processes issuing PIV credentials, according to NIST.
"This is not a national ID card, but it is a national identity standard for the federal government that we can point to," Temoshok said. "Across those groups, we've seen great interest in adopting those standards and potentially implementing solutions that can interoperate with the deployments we're putting into place across the federal government.
"We had hoped for that," he continued. "We're very pleased and surprised to see that level of interest, and even across those diverse communities."
Defaulting to Identity
Despite the rush to fortify the driver's license and federal credentials, detractors suggest that the policymakers' approach solves the wrong problem. The issue isn't the security of either document, said Jim Harper, director of information policy studies at the Cato Institute. He said the real problem is a misunderstanding of the identity concept.
"The first mistake is that a lot of people are assuming that identity is a single, uniform thing - that each of us has one, and it starts with us when we're born and it ceases when we die," Harper said. "That's just not the case, and the people who actually work on these problems recognize that."
A person has many identities, he said. The identity shared with family differs from the identity shared with a financial services provider, which may not be the identity shared with the IRS, which is separate from the identity shared with a librarian, he said.
Harper, a member of the Department of Homeland Security's Data Privacy and Integrity Advisory Committee and author of Identity Crisis: How Identification Is Overused and Misunderstood, said he and former Utah CIO Phil Windley arrived at the same conclusion.
"He expressed it very well [in his book, Digital Identity]," Harper said. "An identity is a relationship. There isn't just one relationship you have with the government, and that defines every other relationship you have. So the idea that we'd have an identity system structured as a government-created identity system is equally inaccurate."
This mindset is what caused the driver's-license-as-credential problem in the first place, he said, and America is still locked into the idea that there's a simple way to create a single, uniform identification system.
It's a holdover from days gone by, he explained, when so many transactions used to happen face-to-face and proving your identity was crucial to carrying out those sorts of transactions.
Harper said he sees two tracks developing in the struggle to alter identity management: One track is the government-backed, card-based identification, such as Real ID. The other is the private-sector backed, digital identity management track, such as Microsoft's CardSpace, which lets users manage their portfolio of
You may use or reference this story with attribution and a link to