biometrics

[Dan Geer]

Folks, while we argue fine points we drift towards irrelevance

[1] National ID in Development (USA Today)
[2] Computer Security, Biometrics Dominate NIST Agenda (Washington Post)

--dan


[1] 

National ID in Development
USA Today, 22 January 2002

Federal and state groups are moving to create a national ID card that
contains fingerprints or magnetic strips, according to officials at the
Justice Department and General Services Administration. According to a
recent poll, 54 percent of adults support the creation of a national ID
card. The figure is lower than those of polls from two month ago, in
which two-thirds of adults supported such a move. A group of state
officials, meanwhile, is seeking congressional approval to standardize
documents for verifying identity when issuing driver's licenses.  Sen.
Dick Durbin (D-Ill.) has proposed federal funding for developing
driver's license standards, including studies on fingerprints, palm
prints, iris scans, face scans, or DNA.  Durbin's proposals also allow
motor vehicle authorities to access databases from the INS, the Social
Security Administration, and unspecified law enforcement agencies. The
bill would make the driver's license more reliable, he said. Similarly,
the American Association of Motor Vehicle Administrators wants Congress
to pass laws to fund a data-sharing network between the license
agencies and federal agencies. Privacy advocates believe that the
public will eventually come out in opposition of a national ID system.


[2] 

****Computer Security, Biometrics Dominate NIST Agenda
By Brian Krebs, Newsbytes.
WASHINGTON, D.C., U.S.A.,
16 Jan 2002, 4:33 PM CST

The events of Sept. 11 and the subsequent anthrax attacks have caused a
major shift in priorities for the National Institute of Standard &
Technology, prompting the agency to double its efforts to develop new
standards for everything from security scanners to biometrics to
computer security, the agency's new chief said today.

NIST Director Arden Bement said while many of the projects were begun
prior to Sept. 11, the non-regulatory agency's new role in the Bush
administration's Homeland Security initiative has added a sense of
urgency to the mix.

"September 11 really focused our activities and gave them a sense of
immediacy," Bement said in a meeting with reporters today. "Our primary
goal now is to take whatever technologies are available for application
and to develop standards and test methods (that will) make them
available to the public as quickly as possible."

Bement said NIST is just a few months away from announcing a new
biometric standard that will be used to confirm the identity of people
seeking U.S. visas or using a visa to enter the United States.

NIST also is working with the Biometric Consortium, which represents
hundreds of companies that are developing technologies to identify
people by their individual physical characteristics, such as
thumbprints, facial recognition technology, iris and retinal scans.

The biometric standards chosen by NIST could allow one or two
technologies to gain early adoption and a strong foothold in an
increasingly crowded market. Bement said biometric identifiers are
being considered as a prerequisite for entry into government buildings,
and the states are pushing ahead on a plan to link an as yet
undetermined biometric technology to identity cards and driver's
licenses.

NIST also is working to develop more effective security standards for
wireless communication networks, and is prepared to assume an even
greater role in developing computer security standards for the federal
government.

"I expect that role will expand significantly," Bement said.

NIST recently released an updated standard for encryption technology
that will soon be used to beef up security for a range of electronic
transactions, from e-mail to e-commerce to ATM withdrawals.

The agency also is bracing for more responsibility over the computer
security standards adopted by the federal civilian agencies.

Rep. Tom Davis, R-Va., chairman of the House Government Reform
subcommittee on technology and procurement policy, is drafting
legislation to reauthorize the Government Information Security Reform
Act, a law passed in November 2000 that requires federal agencies to
assess and test the security of their non-classified information
systems.

Davis plans to add a provision to the bill that would require NIST to
establish minimum technology and security standards that all agencies
must follow.

NIST also is crafting new standards to protect the nation's most
critical infrastructures, Bement said. The software that monitors and
regulates the distribution of juice over the national power grid, for
example, is not yet completely integrated.

"Grid control is a major issue now ... because a lot of the monitoring
of power flows on the grid is done with different types of software and
standards," Bement said.  "There's a fair amount of work necessary to
raise the level of security so it can't be taken down by hackers or
otherwise interrupted."

In addition, NIST has helped to re-assess standards for machines that
irradiated mail in the wake of last year's anthrax attacks, and is
reviewing standards that will govern some 2,000 new metal detectors to
be installed at the nation's airports.

While NIST is eager to have many of its new security standards adopted
by companies in the private sector, the future of the Advanced
Technology Program - the Commerce Department arm that provides support
for moving experimental technologies from the laboratory into the
marketplace - remains in question.

Many House lawmakers have for years advocated terminating the ATP, and
Commerce Secretary Donald Evans has said he would like to see the ATP
recoup more of its investment from private sector companies.

Benjamin Wu, deputy undersecretary for technology at Commerce, said
Evans has come to recognize that the program has its merits.

"He feels strongly that - irrespective of the funding issues - the
reforms he would like to propose will help bring stability to the
program," Wu said.

Bement said he was optimistic that NIST would get all the funding it
needs to handle its expanded role.

"There are a number of pending bills that not only better define this
role with regards to homeland security but also provide additional
funding," he said. "So far, we've got a pretty big plate of activities,
and we're prepared to even do more."




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com