Biometrics

Congress demands progress on advanced ID cards

biometrics

Almost a dozen years after the 9/11 attacks spurred the federal government to create biometric identification cards, frustrated congressmen said the effort appears frozen in a maze of agency stovepipes and miscues.

"We've spent billions and we have nothing to show for it," said Rep. John Mica (R-Fla.) at a June 19 hearing addressing lagging implementation of fingerprint and iris recognition technology. Mica, who chairs the House Oversight and Government Reform Committee's Subcommittee on Government Operations, noted various examples of flawed federal biometric ID efforts, including the Transportation Workers Identification Credential, or TWIC card, and the Federal Aviation Administration's new pilot's license -- which does not include a photo of the licensee.

"It's mind boggling that we have nothing close to meeting with the intent of the 2004 law," said Mica. "Is there any sense of urgency here?" asked Rep. Gerry Connolly (D-Va.), the subcommittee's ranking minority member.

Witnesses included managers from the National Institute of Standards and Technology, FAA, Customs and Border Protection and the State Department.

Mica and Connolly took the agency officials to task for what they said was their inability to developing workable, interoperable identification cards that contain fingerprint and iris information under the 2004 Homeland Security Presidential Directive 12 (HSPD-12). That directive sought a government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and contractors.

The June 19 hearing followed another held by the same subcommittee the week before, which looked at the TWIC card program's difficulties. In May, a Government Accountability Office report found the pilot program, aimed at providing biometric identification for dock and maritime workers for security clearance at port facilities, had significant difficulties, including flawed planning and ineffective data collection capabilities. GAO recommended against using the program as a model for any future biometric efforts. Panel members pointed out that they had implemented programs that had been effective for their agencies, or else had been whipsawed by advancing technology. Colleen Manaher, executive director of planning, program analysis and evaluation at Customs and Border Protection, pointed to her agency's many identification documents, including Secure Electronic Network for Travelers Rapid Inspection (SENTRI) cards; the bi-lateral NEXUS Canadian/U.S. cross-border biometric card, the Global Entry expedited traveler card and other examples of her agency's biometric efforts.

The State Department, responsible for issuing passports, has included a photo biometric and enhanced electronics that prevent counterfeiting, said Brenda Sprague, deputy assistant secretary for passport services at the agency.

State is at work on a next-generation passport that includes anti-counterfeiting elements and other security features, she added. The department is working on it in conjunction with the Department of Homeland Security, the Bureau of Engraving and Printing and the Government Printing Office's Security and Intelligent Documents office. The State Department plans to issue the new passport in 2015.

Although Mica and Connolly commended the developments, they questioned whether the agencies were working with each other on making documents interoperable with other agencies' efforts and noted the lack of advanced capabilities. "Any thought of matching Global Entry to passports?" asked Mica.

The most pointed questioning, however, was reserved for Charles Romine, the director of the information technology lab at NIST. "When, when, when, will we get a standard for iris recognition?" Mica asked Romine loudly.

According to Mica, NIST is the stickiest point in development of advanced iris recognition standards that other federal agencies could use to develop the dual-biometric cards. The last person at NIST to testify about the iris standards, more than a year ago, was former information technology lab director Nita Forlani, who promised to issue them and then retired.

Romine said he would have some iris recognition standards available after a July 9 workshop, adding his agency was working to be responsive, but did not want to issue documents and recommendations that could be out of date as soon as they were printed.

The initial directive, said Romine, asked for biometric elements, but didn't specify iris recognition as one of the identifying elements. NIST had to go back and work it in, he said. It also came up with three areas that could have proven problematic if not addressed before a standard came out.

Those three elements, he said, included compression levels for fingerprint images, research on whether irises change as a subject ages, and addressing how to put iris certification cameras in place. NIST, he said, has addressed all three issues and is moving forward.

Mica and Connolly, however, remained frustrated and skeptical. Private industry and the U.S. military, they said, have already produced reliable, durable and effective biometric identification cards.

The Clear Card, a privatized effort that provides biometric cards to airline passengers to pre-clear security checkpoints at airports, said Mica, is a prime example of effective technology that's already deployed. The Clear company currently provides cards with captured fingerprint or iris images to passengers at four airports around the U.S.

"If the U.S. military has issued millions of IDs in Iraq and Afghanistan," said Connolly. "Somehow those have worked there. It could work here."

The 2014 Federal 100

FCW is very pleased to profile the women and men who make up this year's Fed 100. 

Reader comments

Thu, Jun 20, 2013

Nothing on the NIST website about this so-called-workshop. More evading?

Thu, Jun 20, 2013 Beltway Bill

The DoD's Common Access Card (CAC) is a quite useful, proven smartcard, photo-ID, durable, etc. It would not be hard to include biometric (iris, fingerprint, DNA, voice, etc.) on it.... or alternatively provide a CAC-in webserver that can provide independent (non-local) validation of that additional form of ID. Key point - you should not place ALL your trust / ID into a single form (ID card) but rather allow the actor wanting to ID a person to access several 'containers' like a tamper-resistent card, a remote, trusted webserver, etc.

Thu, Jun 20, 2013 Jack

Clear is interesting, but Global Entry Rocks. For those who qualify this gets you expedited entry into the US when you travel to foreign countries AND qualifies you for Pre-Check! at 100 dollars for 5 years it is an amazing value and an example of something the government has done right!

Thu, Jun 20, 2013

Sure the iris can change. At the last eye appt I found out I have a mole on my Iris. I have dark brown eyes so it isn't seen by the naked eye but the Doctor saw it. So yes they can change!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above