Smart Card group raps NIST certification

An industry group is accusing the National Institute of Standards and Technology of failing to properly evaluate the technologies to be used in the Homeland Security and State departments' upcoming border-crossing identification card.

The group, the Smart Card Alliance, believes that NIST certified the Generation 2 Radio Frequency Identification card architecture for the People Access Security Services (PASS) Card without using "the appropriate standards and best practices relevant to human identity applications," wrote Smart Card Alliance Executive Director Randy Vanderhoof in a May 17 letter to NIST Director William Jeffrey. The alliance is a trade association representing companies that make identification cards and related systems.

Furthermore, the institute did not properly evaluate whether the Gen2 RFID technology choice is appropriate for the context in which it will be used in the Pass Card, Vanderhoof contended. "NIST has, for the first time, endorsed a technology without exploring its use in the context of the government mission and presenting the pros and cons of that technology offering for that mission," Vanderhoof wrote.

The alliance is asking NIST to revoke its certification and start over by reviewing the proposed architecture's compliance with international standards for ID cards.

The Pass Card is part of the Western Hemisphere Travel Initiative and is intended for use by Americans, Mexicans and Canadians who frequently cross the border.
Its design has been controversial because the Gen2 RFID tags it uses were originally developed for tracking merchandise in warehouses. The tags can be read wirelessly from 20 feet away or more, raising privacy worries. Homeland Security officials have asserted that the technology, with privacy protections, will enable the department to identify people and also provide convenience and speed in border crossings.

NIST recently reviewed, and recommended changes to, the proposed PASS card architecture. The revised design, with many of the recommended changes, meets the relevant international security standards, Jeffrey wrote in a May 1 letter to senior DHS and State officials. The design has not been released publicly.

Jeffrey wrote that since the departments had already selected a technology, NIST's goal was to ensure that the PASS card complies with international standards. Congress requested the review under Section 546 of the homeland security appropriations bill of fiscal 2007.

"Given this agreement between the departments of State and Homeland Security, NIST focused its efforts on working with the two agencies to assure that the Gen-2 RFID met the requirements of Section 546," Jeffrey wrote.

Vanderhoof and Jeffrey were not available for further comment.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here


  • POWER TRAINING: How to engage your customers

    Don't miss our Aug. 2 Washington Technology Power Training session on Mastering Stakeholder Engagement, where you'll learned the critical skills you need to more fully connect with your customers and win more business. Read More


    In our latest Project 38 Podcast, editor Nick Wakeman interviews Tom Romeo, the leader of Maximus Federal about how it has zoomed up the 2019 Top 100. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.