Coalition shares ideas for implementing standard IDs

A coalition of government agencies and private companies has given the Homeland Security Department broad recommendations for implementing requirements of a 2005 law on standardized identification.

The so-called REAL ID Act requires that states begin issuing ID cards, such as driver's licenses, in 2008 that comply with new federal standards. Only documents that meet the standards will be accepted for things such as entering courthouses, flying on airplanes, opening bank accounts or getting government services.

Homeland Security is responsible for developing the new standards but has yet to announce what they will be. Department spokesman Jarrod Agen said a notice of proposed rulemaking will be released later this year and be followed by a public comment period. "The odds are pretty good that it will be the later half of this year," he said.

The tight timeframe has some state governments concerned, especially if the standards require them to buy new information technology systems or dramatically change their processes.

"It will be a challenge for everyone," said Reed Stager, chief of the government affairs committee for the Document Security Alliance, a coalition of more than 70 private companies and 20 government agencies. "I believe there will be a lot of work required to become compliant, and it depends on what the final rulemaking is."

He added: "How big the gap is between the current processes and what the eventual requirements will be is unknown. Obviously, the larger gap, the more difficult it's going to be to become compliant."

The alliance has given Homeland Security its recommendations for the credentialing standards. Its ideas cover five key elements of a secure identification system: capturing applicant data, verifying identities, incorporating security into credentials, producing credentials and authenticating those credentials.

"It's not just a credential," Stager said. "It's actually the whole infrastructure for issuing a secure credential that's important."

The alliance's recommendations are based on what members believe is practical and cost-effective, said Stager, who is also the executive vice president for Digimarc, which provides services and products for secure credentials.

The alliance recommends that credentials use two-dimensional barcodes for data capture and verification, which already is common for driver's licenses. The alliance also recommends that credentials use facial photographs rather than fingerprints or other biometric identifiers.

"It's kind of like the doctor's creed: Do no harm," Stager said. "Make sure that the credential itself can be accommodated for what its current uses are."

For security, the alliance recommends that the credentials have both overt and covert features, such as digital watermarks.

When it comes to verifying information, the alliance recommends that states be required to check only two federal databases: the Social Security On-Line Verification system and the Systematic Alien Verification of Entitlements system.

Stager said 85 percent of states already have access to the Social Security database, while about 14 states have access to the SAVE database. "It'd be difficult to hold the states as being non-compliant if they can't access a database that isn't available," he said.