Standards May Lead to De Facto ID

John Moore is arguably the person most likely to influence widespread acceptance of smart cards in the United States. That's because he is the program analyst for the General Services Administration's Office of Electronic Government.

John Moore is arguably the person most likely to influence widespread acceptance of smart cards in the United States. Thats because he is the program analyst for the General Services Administrations Office of Electronic Government, in Washington, and he is overseeing a federal effort to supply 3 million smart-card IDs to the nations military personnel by the end of 2003.

Moore, a soft-spoken technocrat who has worked with digital ID systems for 15 years—10 at the Treasury Department, the last five at the GSA—would deny that assertion. But while he may talk softly, often persuading with humor and charm, Moore carries a large stick in the form of the $1.5 billion budgeted for the military ID effort.

The smart card is well-suited to that use. Moore told eWeek, "As manufactured, each card can be uniquely encrypted using technologies like public-key and digital signatures. When you load it into a reader, it becomes a computer interacting with a network."

A smart-card system is a massively distributed database, each card being a minidatabase, that can interact with other network-connected databases, from health services to credit services.

The challenge for the government, Moore said, is getting the five prime contractors and up to 50 subcontractors to share technology—that is, to provide fully interoperable hardware, software and firmware. In bidding for the project, he said, potential contractors were required to negotiate how they would interact with one another.

One result of that requirement is that no single vendor can use the military ID project as a springboard for making its proprietary technology a de facto standard—sort of like insisting that Solaris, Linux, Windows and Mac OS all promise to share their toys if they want to enter the playground. Vendors are eager to cooperate because of an implied threat: At this point in the evolution of smart-card technology, if youre not in compliance with the standards emerging from the governments project, you wont be in the market for long.

To cite one example, there are about a dozen vendors that supply so-called proximity technology, the contactless cards that speed authorization and identification with readers that use radio frequencies to detect a cards embedded data. Such systems are widely used in building access and traffic toll systems, where interoperability is not a crucial issue. But in a massive, global ID network, every companys reader has to be able to recognize the RF codes embedded in every other vendors card or token.

In the long run, standardization will benefit consumers and the industry in countless ways. Interoperability tends to push prices down by preventing market tyranny in the form of proprietary technologies that evolve into monopolies. For example, the costs of building an infrastructure of readers is expected to drop significantly as a result of high-volume manufacturing and true competition.

Standardization will also benefit consumers in the form of expanded convenience—for example, enabling a Minnesota driver to pass through a toll booth in Florida by placing a smart card on the dashboard of a rented car. Convenience, in turn, is often a major factor determining widespread acceptance of a technology.

"I really dont think well ever see a time when the government requires that people carry a digital ID," Moore said, "because beyond the more paranoid concerns of the fringe elements, there really are very serious privacy concerns. But I do think that if we can establish strong standards, the convenience of carrying a card voluntarily—to quickly get through a line at an airport, for instance— will have the same effect; it will result in a de facto national ID."