In some ways, smart cards are an amazing technology. In one small strip, all kinds of personal information can be stored. Smart cards look like the typical credit-card most of us carry in our wallets. They use integrated circuit chips to store and process data and would be a big advancement for improving the security of assets of agencies or companies. The cards also provide a better way to authenticate people accessing government buildings and computer systems.
And for some people, they seem a lot like the “big brother” government envisioned in novels from the 1950’s. These cards can contain a great deal of information on each person who has one-think of it as some key aspects of your identify available in a magnetic strip you carry around in your wallet available to anyone with the key to reading the strip.
The Office of Management and Budget has a vision for implementing standard federal employee credentials throughout the federal government through the use of smart cards.
That vision isn’t here yet though. According to Joel C. Willemssen, Managing Director, Information Technology Issues at the GAO, a number of problems remain. In addition to the privacy concerns that some people have, other problems include:
• sustaining executive-level commitment in the face of organizational resistance and cost concerns;
• obtaining adequate resources for projects that can require extensive modifications to technical infrastructures and software;
• integrating security practices across agencies, a task requiring collaboration among separate and dissimilar internal organizations;
• achieving smart card interoperability across the government.
The General Services Administration has been designated as the agency to promote use of this program through federal agencies. GSA has set up a governmentwide contracting vehicle and has established interagency groups to work on procedures, standards, and guidelines.
Because of the problems with implementing a complex program like this throughout government, both GSA and OMB still have much work to do before common credentialing systems can be successfully implemented across government agencies. What information will be on the cards? How will the system be standardized throughout the government with agencies having different concerns, interests and security requirements?
The process of making these decisions has started. You can read the latest GAO report on this issue from the column on the left hand side of this page.