Aug 17, 2006Several providers of digital security solutions for identification documents have banded together to help educate all levels of government on the use of secure electronic identification technologies, including contactless (RFID-enabled) smart cards.
Announced on Wednesday at the National Conference of State Legislators (NCSL) in Memphis, Tenn., the Secure ID Coalition includes contactless smart-card makers Gemalto and Oberthur Card Systems, as well as chipmakers Infineon Technologies, Philips Semiconductors and Texas Instruments.
The organization will meet with state and federal legislators to share its principles of privacy, best practices and standards in securing identification-management programs. In doing so, it hopes to dispel some of the myths regarding RFID and contactless smart cards, and to ensure that government agencies are implementing the right technology with the appropriate security and privacy mechanisms in place to meet the agencies' individual needs.
"There is such a large amount of misinformation that we have to be genuinely concerned that people aren't going to take advantage of this technology, or drive legislation that would ban the technology altogether," says Tres Wiley, director of e-documents at Texas Instruments. "We also don't want to see implementation without the kinds of security necessary, which could then backfire."
Secure ID issued a statement saying it recognizes the importance of citizens' privacy rights, including "privacy of personal information as defined by all relevant regulations and laws" and "the right to know what data is contained in electronic ID documents, how that data will be collected, secured and transmitted, the presence of radio frequency (RF) technology in ID docs, and when, where and why an RF device is being read." The coalition also deems it vital that mechanisms be in place so "that ID documents have been appropriately secured against threats of fraudulent access to personal information."
The group's formation comes on the heels of the U.S. Department of State's announcement earlier this week that it has started issuing electronic passports (e-passports) to the public. An e-passport contains an RFID chip designed to help authenticate that the passport is genuine. Industry experts responded earlier this week to security concerns about e-passports, raised by Lukas Grunwald, a consultant with computer security firm DN-Systems. Grunwald demonstrated that by using an open-source software package called RFDump and an RFID interrogator (reader), he could duplicate the data from his RFID-enabled German passport onto an RFID access card. The experts say the cloning possibility poses little risk (see Industry Group Says E-Passport Clone Poses Little Risk).
