NIST gives thumbs up to revised PASS card

A revised technology design for the Homeland Security and State departments' upcoming border-crossing identification card now meets international security standards, according to the National Institute of Standards and Technology.

NIST Director William Jeffrey said the agency reviewed, and recommended changes to, the proposed card architecture for the People Access Security Services (PASS) card, which will be used by Americans, Canadians and Mexicans who frequently cross back and forth across the U.S. borders.

In recent months, DHS and State officials have indicated they intend to seek proposals for a Pass card with a long-distance radio frequency identification tag, which is a computer chip that can transmit information wirelessly over distances of 20 feet or more. It also known as Generation 2 RFID, or Gen-2 RFID.

Jeffrey wrote in a May 1 letter to senior officials at the two departments that since State and DHS already had selected a technology, the institute's goal was to make recommendations to ensure that the PASS card complies with international standards. NIST said it was undertaking the assessment to comply with Section 546 of the homeland security appropriations bill of fiscal 2007.

"Given this agreement between the Departments of State and Homeland Security, NIST focused its efforts on working with the two agencies to assure that the Gen-2 RFID met the requirements of Section 546," Jeffrey wrote.

It was atypical for NIST to conduct such a review, and it was done specifically to meet the requirements of the appropriations bill, Matthew Heyman, chief of staff at NIST, told Washington Technology. "It is not a usual activity for NIST to be involved in reviewing technologies for certification," he said.

NIST proposed changes to the design of the PASS card, and many of those changes were adopted, and the final design as described in the request for proposals has been certified to meet the relevant international standards, Jeffrey wrote. The NIST certification paves the way for release of a request for proposals for producing the card and beginning enrollments.

One of the revisions reviewed by NIST involves introduction of an "attenuation sleeve" to hold the card and to protect the data from being transmitted when it is not being used. The proposed attenuation sleeve was considered part of the card architecture since it is necessary to mitigate the risk of the information on the card being tracked by unauthorized users, Jeffrey wrote in his letter.

But details on the final technology design will not be released publicly at this time because they are "procurement-sensitive," Heyman said. The request for proposals for the Pass card contract is expected within several weeks.

The PASS card is being introduced as part of the Western Hemisphere Travel Initiative signed by the United States, Mexico and Canada. Under the new initiative, passports or specific alternative documents such as the PASS card will be required to cross the borders starting in 2008. Previously, a large number of documents were allowed to be used to prove identity at the borders.

The PASS card is expected to be small and convenient so it can be carried in a wallet. The choice of long-distance RFID has been controversial because critics say the technology has not been specifically designed for identification cards and does not have strong privacy protections. DHS officials have said they support the long-distance RFID because it improves speed and convenience in border crossings.