[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]



 
                TECHNOLOGY FOR SECURE IDENTITY DOCUMENTS

=======================================================================

                                HEARING

                               before the

                 SUBCOMMITTEE ON GOVERNMENT MANAGEMENT,
                     ORGANIZATION, AND PROCUREMENT

                                 of the

                         COMMITTEE ON OVERSIGHT
                         AND GOVERNMENT REFORM

                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

                            OCTOBER 18, 2007

                               __________

                           Serial No. 110-90

                               __________

Printed for the use of the Committee on Oversight and Government Reform


  Available via the World Wide Web: http://www.gpoaccess.gov/congress/
                               index.html
                     http://www.oversight.house.gov


                     U.S. GOVERNMENT PRINTING OFFICE
45-220 PDF                 WASHINGTON DC:  2008
---------------------------------------------------------------------
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092104 Mail: Stop IDCC, Washington, DC 20402ï¿½090001

              COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM

                 HENRY A. WAXMAN, California, Chairman
TOM LANTOS, California               TOM DAVIS, Virginia
EDOLPHUS TOWNS, New York             DAN BURTON, Indiana
PAUL E. KANJORSKI, Pennsylvania      CHRISTOPHER SHAYS, Connecticut
CAROLYN B. MALONEY, New York         JOHN M. McHUGH, New York
ELIJAH E. CUMMINGS, Maryland         JOHN L. MICA, Florida
DENNIS J. KUCINICH, Ohio             MARK E. SOUDER, Indiana
DANNY K. DAVIS, Illinois             TODD RUSSELL PLATTS, Pennsylvania
JOHN F. TIERNEY, Massachusetts       CHRIS CANNON, Utah
WM. LACY CLAY, Missouri              JOHN J. DUNCAN, Jr., Tennessee
DIANE E. WATSON, California          MICHAEL R. TURNER, Ohio
STEPHEN F. LYNCH, Massachusetts      DARRELL E. ISSA, California
BRIAN HIGGINS, New York              KENNY MARCHANT, Texas
JOHN A. YARMUTH, Kentucky            LYNN A. WESTMORELAND, Georgia
BRUCE L. BRALEY, Iowa                PATRICK T. McHENRY, North Carolina
ELEANOR HOLMES NORTON, District of   VIRGINIA FOXX, North Carolina
    Columbia                         BRIAN P. BILBRAY, California
BETTY McCOLLUM, Minnesota            BILL SALI, Idaho
JIM COOPER, Tennessee                JIM JORDAN, Ohio
CHRIS VAN HOLLEN, Maryland
PAUL W. HODES, New Hampshire
CHRISTOPHER S. MURPHY, Connecticut
JOHN P. SARBANES, Maryland
PETER WELCH, Vermont

                     Phil Schiliro, Chief of Staff
                      Phil Barnett, Staff Director
                       Earley Green, Chief Clerk
                  David Marin, Minority Staff Director

  Subcommittee on Government Management, Organization, and Procurement

                   EDOLPHUS TOWNS, New York, Chairman
PAUL E. KANJORSKI, Pennsylvania      BRIAN P. BILBRAY, California
CHRISTOPHER S. MURPHY, Connecticut   TODD RUSSELL PLATTS, Pennsylvania,
PETER WELCH, Vermont                 JOHN J. DUNCAN, Jr., Tennessee
CAROLYN B. MALONEY, New York
                    Michael McCarthy, Staff Director


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on October 18, 2007.................................     1
Statement of:
    Alsbrooks, Kathryn K., director, U.S. Federal programs, 
      Lasercard Corp.; Neville Pattinson, vice president, 
      Gemalto, Inc., representing the Secure ID Coalition; and 
      Reed Stager, Digimarc Corp., representing the Document 
      Security Alliance..........................................    46
        Alsbrooks, Kathryn K.....................................    46
        Pattinson, Neville.......................................    54
        Stager, Reed.............................................    69
    Kraninger, Kathy, Director, Screening Coordination Office, 
      U.S. Department of Homeland Security, accompanied by 
      Michael Everitt, Director, Forensic Document Laboratory, 
      Immigration and Customs Enforcement, U.S. Department of 
      Homeland Security; Benjamin Brink, Assistant Public Printer 
      for Security and Intelligent Documents, Government Printing 
      Office; David Temoshok, Director, Identity Policy and 
      Management for the Office of Government-wide Policy, 
      General Services Administration; and Bonnie Rutledge, 
      Director, Vermont Department of Motor Vehicles.............     7
        Brink, Benjamin..........................................    17
        Kraninger, Kathy.........................................     7
        Rutledge, Bonnie.........................................    30
        Temoshok, David..........................................    23
Letters, statements, etc., submitted for the record by:
    Alsbrooks, Kathryn K., director, U.S. Federal programs, 
      Lasercard Corp., prepared statement of.....................    49
    Brink, Benjamin, Assistant Public Printer for Security and 
      Intelligent Documents, Government Printing Office, prepared 
      statement of...............................................    19
    Kraninger, Kathy, Director, Screening Coordination Office, 
      U.S. Department of Homeland Security, prepared statement of    10
    Pattinson, Neville, vice president, Gemalto, Inc., 
      representing the Secure ID Coalition, prepared statement of    57
    Rutledge, Bonnie, Director, Vermont Department of Motor 
      Vehicles, prepared statement of............................    32
    Stager, Reed, Digimarc Corp., representing the Document 
      Security Alliance, prepared statement of...................    72
    Temoshok, David, Director, Identity Policy and Management for 
      the Office of Government-wide Policy, General Services 
      Administration, prepared statement of......................    25
    Towns, Hon. Edolphus, a Representative in Congress from the 
      State of New York, prepared statement of...................     3


                TECHNOLOGY FOR SECURE IDENTITY DOCUMENTS

                              ----------                              


                       THURSDAY, OCTOBER 18, 2007

                  House of Representatives,
            Subcommittee on Government Management, 
                     Organization, and Procurement,
              Committee on Oversight and Government Reform,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 2:05 p.m., in 
room 2247, Rayburn House Office Building, Hon. Edolphus Towns 
(chairman of the subcommittee) presiding.
    Present: Representatives Towns, Welch, and Bilbray.
    Staff present: Michael McCarthy, staff director; Cecelia 
Morton, clerk; and Charles Phillips, minority counsel.
    Mr. Towns. The hearing will come to order.
    Today's hearing will examine the important topic of how to 
make a secure identification card. On issues like identity 
theft, immigration and homeland security, there have been 
repeated calls for a secure or a tamperproof ID. I have heard a 
lot of discussion but have been short on details. How do you 
make an ID tamperproof? What is the tradeoff between security 
and privacy? How much is it going to cost?
    I hope we can answer some of those questions today. After 
all, this is an issue that affects everyone in this country. 
Whether you are trying to board a plane, cross the border or 
fill out your payroll forms, you will be asked for 
identification. We have to make sure this ID can't be forged or 
misused, and we also have to make sure that we respect privacy 
and spend efficiently.
    One of the problems is that there are so many forms of ID 
issued by different parts of the Federal and State governments. 
This issue came up for me recently when I was at the airport in 
Orlando, FL, going through security. They asked me for my ID. 
So, I showed them my congressional ID, and they said, ``No, we 
don't take that here. You can't go through here with that.'' 
So, fortunately, a supervisor with some understanding and, 
maybe, sense was daring to let me go through, but it highlights 
the need for more consistency in how ID cards are recognized.
    There are a lot of reasons not to have a national ID card, 
but what I think we do need are some common standards so that 
airport screeners or police officers can easily tell whether an 
ID is legitimate. I think we can also eliminate the overlap 
between some of these programs, both to save the government 
some money, and also so that people don't have to carry around 
so many cards.
    I see plenty of overlap out there. GHS has three different 
programs issuing cards to frequent border crossers. The Federal 
Government is issuing SmartCards to its employees and 
contractors under the HSPD-12 program and is issuing SmartCards 
to transportation workers under an entirely separate program. 
There have been some efforts to combine programs, which is a 
good step.
    The director of the Vermont Department of Motor Vehicles is 
here today to discuss Vermont's plan to issue a combined 
driver's license and border crossing card. Our witnesses today 
will also talk about advanced ID technology like SmartCards and 
radio frequency identification. These technologies can increase 
security, but it comes at a cost. Not only are the cards more 
expensive, but they require a whole infrastructure of data 
bases and readers to be used to their full potential.
    The Federal Government is promoting these SmartCard 
programs, and I'd like to hear whether this is something the 
States should be doing as well. Also, I'm worried that all of 
the security is going into the chips, so if the computers don't 
work and the cards are checked by hand, they could actually 
provide less security. That is a real concern.
    Overall, I hope today's hearing will put into focus the 
policy decisions that need to be made about ID cards: balancing 
security, cost, and privacy. We are building a record on these 
issues because they are not going away any time soon, and I 
think we are all agreed to that.
    [The prepared statement of Hon. Edolphus Towns follows:]

    [GRAPHIC] [TIFF OMITTED] T5220.001
    
    [GRAPHIC] [TIFF OMITTED] T5220.002
    
    Mr. Towns. I now recognize the ranking member of this 
subcommittee, the gentleman from California, Mr. Bilbray.
    Mr. Bilbray. Thank you very much, Mr. Chairman.
    First of all, Mr. Chairman, I'd ask that I be allowed to 
introduce the gentleman from Ohio to introduce his testimony on 
this item.
    Mr. Towns. Without objection.
    Mr. Bilbray. Mr. Chairman, let me first thank you very much 
for holding this hearing but not just this hearing. I want to 
make a public statement that I may regret in the future, but I 
am very proud to serve with you on this committee. With all the 
talk around this country of why there aren't more bipartisan 
efforts made for the good of America in Washington, I think 
your committee is a shining star we can use as an example, and 
I challenge anyone to show me anybody in Washington who works 
as bipartisan for the common good as your committee does. I 
want to thank you for that, and that really reflects your 
leadership and your personal commitment to caring more about 
outcome than partisan advantage, and I want to say that 
publicly.
    Mr. Towns. Thank you.
    Mr. Bilbray. The other issue, Mr. Chairman, as somebody who 
comes from local government and in the 5-year sabbatical that 
the voters gave me in the early days, as my kids say, I was 
able to work on the REAL ID bill with both sides of the aisle. 
The one thing that, I think, we learned was that there was not 
a conflict between privacy and security. In fact, there can be 
no secure privacy without a secure system. History has shown 
that the greatest violation of privacy is when people are able 
to steal someone's ID, be it name, be it Social Security number 
or other, and not have a system where they get caught because 
we do not have a secure identification system that is able to 
block the repetitive use of somebody's identity. Ask anyone who 
has been a victim of that, of identity theft. It would sure be 
nice to have a secure system that the hackers can't get into.
    Just to reflect on the commonality of our efforts here 
between the Chair and the ranking member, Mr. Chairman, just 
this week, the security guards at Fort Belvoir did not want to 
recognize my congressional ID at a military installation, 
mostly because, they say, ``We've never seen it before.'' So I 
think that this is an effort of looking at the best available 
technology and how we can move forward.
    Let me just say this as a challenge to those of us who are 
in the system: as somebody who has been in government ever 
since I was 25 years old as a city council member, those of us 
in government really need to look at the private sector with 
their breakthrough, but as has been said before, doggone it, if 
we can go anywhere in the world, Mr. Chairman, anywhere in the 
world, take a card, stick it in, punch a couple of numbers and 
that little machine in El Salvador or in Russia knows how much 
money we have in what bank and where and can get us our money 
out, if that can work anywhere in the world, doggone it, we 
should be able to have a system that works here in the United 
States.
    It is a challenge for us to say how we can improve on that 
and build on that, so I look forward as this being the first 
step of a very, very aggressive policy. Since 9/11, I think we 
all agree we haven't done enough in this field. We need to do 
more. The 9/11 Commission said quite clearly this was a 
critical component that was lacking and that needed to be 
filled, and hopefully, in working with your leadership, Mr. 
Chairman, we will be able to fulfill that mandate from the 9/11 
Commission for the good of the American people.
    I yield back.
    Mr. Towns. Thank you very much, and also, thank you for 
your kind words as well. Thank you.
    At this time, I yield to Congressman Welch.
    Mr. Welch. Thank you very much, Mr. Chairman and ranking 
member.
    You know, this is my first time in Congress, and I used to 
watch on C-SPAN when Members of Congress would give their 
statements and brag about their colleagues from their home 
States, and I'm getting a chance to do it.
    Bonnie Rutledge is the Commissioner of Motor Vehicles in 
Vermont, and I really am proud of her. She runs the department. 
She has been, really, a lifelong career public servant. 
Everybody who has a problem calls her, from the Governor to my 
next-door neighbors, and Vermont is kind of a small place, 
650,000, Mr. Chairman, and I know you're from a State that has 
a few more people than that, and in our State----
    Mr. Bilbray. How many people in the State?
    Mr. Welch. 650,000, and Bonnie knows them all, and I'm not 
kidding. I was late one time filing for my driver's license, 
and I think Bonnie called me up and asked me if I'd forgotten 
to do something, so we get good service.
    This topic is so important, the secure IDs, but also in 
Vermont, along with a lot of the northern border States, we 
have these extraordinary relationships with our friends in 
Canada, and it ranges from business--Canada is our second 
largest trading partner or, I guess, the largest trading 
partner, and there's commerce back and forth.
    We've got one house up in northern Vermont that is partly 
in Vermont and partly in Canada. We have kids who play on 
hockey teams up there, and they're back and forth all the time 
for their little league hockey games. We have to find some 
practical way that doesn't compromise those good relationships 
that we have with Canada, both economic and social, and Bonnie 
Rutledge is at the forefront of doing that.
    So I'm very grateful to your services. It is really nice of 
you to come down here and give us the benefit of your years and 
experience.
    Mr. Chairman, I really thank you.
    Mr. Towns. Thank you. Thank you very much.
    Before we get started, we want to ask our witnesses to 
stand. We swear our witnesses in here.
    [Witnesses sworn.]
    Mr. Towns. Let the record reflect that all of the witnesses 
answered in the affirmative.
    Let me introduce our first panel. Kathy Kraninger is the 
Director of the Screening Coordination Office at the Department 
of Homeland Security where she is responsible for coordinating 
DHS' identification program.
    Welcome. We are delighted to have you.
    Benjamin Brink is the Assistant Public Printer for Security 
and Intelligent Documents at the Government Printing Office. 
Mr. Brink is also a captain in the Navy Reserve and has been 
called up to serve in Afghanistan in the coming year.
    Welcome, and we thank you for your service both in terms of 
our country and, of course, for the Printing Office as well.
    David Temoshok is the Director for Identity Policy and 
Management for the Office of Government-wide Policy at the 
General Services Administration.
    Welcome.
    Finally, Bonnie Rutledge, who has already had an 
introduction, and of course, I will want to give her another 
one as well. She traveled all the way from Vermont, as you 
heard, to be with us today, where she is the director of the 
Vermont Department of Motor Vehicles.
    Your entire statements, everybody, will be in the record, 
so I will ask each witness to summarize their testimony within 
the time we have established for each of you, which is 5 
minutes. Now, first, there will come a yellow light that says, 
you know, ``caution,'' and then all of a sudden, there will 
come a red light. When that red light comes on, that means 
``stop,'' you know, and of course, remember the procedure--
green, yellow, red.
    OK. Thank you very much.
    You may start, Ms. Kraninger.

STATEMENTS OF KATHY KRANINGER, DIRECTOR, SCREENING COORDINATION 
 OFFICE, U.S. DEPARTMENT OF HOMELAND SECURITY, ACCOMPANIED BY 
   MICHAEL EVERITT, DIRECTOR, FORENSIC DOCUMENT LABORATORY, 
    IMMIGRATION AND CUSTOMS ENFORCEMENT, U.S. DEPARTMENT OF 
HOMELAND SECURITY; BENJAMIN BRINK, ASSISTANT PUBLIC PRINTER FOR 
SECURITY AND INTELLIGENT DOCUMENTS, GOVERNMENT PRINTING OFFICE; 
 DAVID TEMOSHOK, DIRECTOR, IDENTITY POLICY AND MANAGEMENT FOR 
    THE OFFICE OF GOVERNMENT-WIDE POLICY, GENERAL SERVICES 
    ADMINISTRATION; AND BONNIE RUTLEDGE, DIRECTOR, VERMONT 
                  DEPARTMENT OF MOTOR VEHICLES

                  STATEMENT OF KATHY KRANINGER

    Ms. Kraninger. Good afternoon, Mr. Chairman, Congressman 
Bilbray and Congressman Welch. It is a pleasure to be here 
today and to represent the Department of Homeland Security.
    We do have a number of ongoing efforts to secure 
identification documents, thereby improving the way we screen 
people and process them through our operations. Identity 
documents provide one means of demonstrating with varying 
levels of assurance that individuals are who they say they are, 
and as such, they form the basis of this screening process.
    It is worth noting that Secretary Chertoff established my 
office, the Screening Coordination Office, to integrate DHS 
screening and credentialing activities. We recognize many of 
the efforts that you have noted do seem to be either disaligned 
or not rationalized and focused, and for that reason, we want 
to make sure that our efforts are enhancing our missions to 
keep dangerous people and goods out of the United States and to 
secure critical infrastructure. Many of you are very familiar 
with our operations, but it certainly helps sometimes to hear 
it in numbers terms.
    Customs and Border Protection admits 420 million people to 
this country every year, 88 million of them by air alone. Every 
day, as Chairman Towns knows, too, we process through TSA 
screening checkpoints nearly 2 million people, and every year, 
U.S. Citizenship and Immigration Services processes 7 million 
immigration benefits applications, so we do encounter a number 
of individuals through our processes as well as the 
requirements that have come down since September 11th for 
critical infrastructure workers, with the transportation 
workers' identification credentials. With the chemical sector 
security law, as well, that passed, there are a number of 
critical sectors that are covered, and those individuals have 
to undergo background checks that are done at the Federal 
level. So these are all programs that are based around 
identity, and that may result in the issuance of a credential.
    So, given the number of individuals that DHS encounters 
every day, we are constantly evaluating and improving our 
processes and asking ourselves ``How do we effectively process 
these travelers and these applicants while identifying those 
among them, the very small percentage among them, who present a 
threat?'' and more specifically, ``How do we deter or intercept 
terrorists who are willing to die for their cause? How do we do 
that without unduly impacting the lives of everyone else or 
without bringing trade and travel to a screeching halt?''
    As you noted, Congressman, the 9/11 Commission pressed the 
importance of this issue, ``Sources of identification are the 
last opportunity to ensure that people are who they say they 
are and to check whether they are terrorists,'' and also, ``For 
terrorists, travel documents are as important as weapons.''
    Indeed, when we investigated the 9/11 attacks, we 
discovered that 18 of the 19 perpetrators had been issued U.S. 
identification documents and that some of these documents had 
been obtained fraudulently, and many of those were driver's 
licenses and, in fact, a number of driver's licenses held by 
each individual.
    As noted, DHS does have a number of high-profile screening 
programs that are underway, and what needs to be pressed is 
that the business case for these programs drives the technology 
decisions that are made. You will hear today from a number of 
witnesses--the colleagues on this panel who produce a number of 
documents even for the Department of Homeland Security, the 
State of Vermont that is in a partnership with us to produce an 
Enhanced Driver's License and is committed to implementing, 
potentially, REAL ID and, as well, the second panel that will 
cover a number of physical security features that are critical 
to securing the document, itself.
    My statement notes some of those things, and I can 
certainly, in questions, go into the features that are in the 
documents that DHS issues, but in the interest of time and 
recognizing the chairman's note about 5 minutes, I will not go 
into that at this time. I will, however, make the case, at 
least, for one key program area, and again, we are using a 
number of different technologies based on the business cases 
presented.
    So, with one example in my oral statement and the rest in 
my written, I would like to talk about, very briefly, the 
Western Hemisphere Travel Initiative [WHTI].
    WHTI requires the institution of a secure document that 
denotes identity and citizenship, for entering the United 
States right now through land and sea ports of entry. Today, we 
do not have a document requirement, though, certainly CBP 
officers, Customs and Border Protection officers, are 
requesting some demonstration of identity and citizenship for 
most individuals who enter the land border but not all. We see 
over 8,000 different documents, and CBP officers have the 
challenge of determining which are legitimate and which are not 
today.
    This is a huge challenge to law enforcement and to these 
officers, and from a business standpoint, DHS is faced with the 
challenge of determining whether or not these individuals 
should enter the United States, and it is, roughly, 1 million 
people a day. Recognizing that at the same time we face this 
security imperative, we have to deal with the facilitation of 
that legitimate trade and travel. So, from that standpoint, we 
have made a choice with respect to technology that will enable 
us to meet our security mission and this facilitation need, and 
that's the use of vicinity RFID technology, building upon our 
trusted traveler programs that, today, involve 300,000 people 
who cross the border and who use those cards successfully.
    So that's just one example of one of the business and 
technology decisions that we have made, and we have others, and 
I'm happy to take questions from you as we get to that point in 
the hearing.
    Mr. Towns. Thank you very much for your testimony.
    [The prepared statement of Ms. Kraninger follows:]

    [GRAPHIC] [TIFF OMITTED] T5220.003
    
    [GRAPHIC] [TIFF OMITTED] T5220.004
    
    [GRAPHIC] [TIFF OMITTED] T5220.005
    
    [GRAPHIC] [TIFF OMITTED] T5220.006
    
    [GRAPHIC] [TIFF OMITTED] T5220.007
    
    [GRAPHIC] [TIFF OMITTED] T5220.008
    
    [GRAPHIC] [TIFF OMITTED] T5220.009
    
    Mr. Towns. Mr. Brink.

                  STATEMENT OF BENJAMIN BRINK

    Mr. Brink. Thank you, Mr. Chairman, Congressman Bilbray and 
Congressman Welch, for inviting the Government Printing Office 
to appear here today to discuss technology for secure identity 
products.
    I am Ben Brink, Assistant Public Printer for Security and 
Intelligent Documents. As the chairman mentioned, I'm soon off 
to Afghanistan and so won't be available for follow-on 
questions.
    If I may introduce my colleague behind me, Reynold 
Schweickhardt, who is the Chief Technology Officer for GPO, he 
can be available to you or your staff for any followup.
    Before receiving my orders, I headed GPO's Security and 
Intelligent Documents' Business Unit, which was formed to 
produce the electronic passport, or e-Passport, for the State 
Department and to produce other Federal products containing 
both print and electronic security measures.
    GPO has been the government's printer for more than a 
century. Today, our fastest growing product line is Security 
and Intelligent Documents. We've produced these documents in a 
trusted, government-controlled environment, using a secure 
supply chain, secure technology and secure personal 
information.
    As of this date, the e-Passport represents the majority of 
our business; although, we project a growing business in 
SmartCards and other secure identification documents. We have 
recently received a requisition for SmartCards from the 
Department of Homeland Security. GPO has been producing 
passports since 1926. Today's passport resulted from a 2001 
standard issued by the International Civil Aviation 
Organization. Development was underway at the time of 9/11 and 
has accelerated quickly afterwards. The first U.S. e-Passport 
was issued to the Secretary of State in 2005, and GPO completed 
its conversion to e-Passport production in May 2007. Today, 
more than 15 million U.S. e-Passports have been issued, more e-
Passports than all other nations combined, and GPO is currently 
producing more than 550,000 per week to meet unprecedented 
citizen demand.
    The principle behind securing the e-Passport is a series of 
layered features, including numerous overt and covert physical 
features embedded in the design, print, chemistry, paper, inks, 
and threads of each passport page. In addition, electronic 
security features are embedded in each e-Passport, using an 
integrated circuit. This chip, designed, tested and proven 
secure under the most challenging conditions, contains the same 
personal information that is printed on the data page of the 
Legacy Passport, including a digital photograph.
    I've brought samples of these products for question time, 
and can make those available to the committee.
    Our e-Passport program has given us expertise to create an 
expanding family of e-credentials, using proven e-Passport 
physical design and electronics. We are now assisting Federal 
agencies in meeting the requirements of HSPD-12 and other 
Federal SmartCard programs.
    SmartCards use the same principle of layered security 
adapted for plastic materials. SmartCards are composed of 
layers of material with both printed features and a 
programmable chip and antenna. In addition to designing 
SmartCards, GPO is procuring the capability to personalize 
SmartCards, the process by which the personalized data is 
printed on the SmartCard, and its chip is programmed with 
identity information, biometric data and permissions.
    Today, GPO has designed the security printing for two card-
based identification systems--the most recent, the Trusted 
Traveler, the SENTRI and the NEXUS cards--for the Department of 
Homeland Security. Again, I have a picture of that which I can 
show you later. It confirms identity and speeds border crossing 
for our preregistered travelers between the United States, 
Canada and Mexico. GPO has also designed the artwork in 
nonelectronic security features for the new Department of 
Defense Common Access Card [CAC], and I have a sample of that 
as well. It is the ID card which is used for all U.S. service 
personnel. This card provides both visual and electronic 
identification as well as physical and logical access to 
buildings and systems using its electronics. GPO has also 
assisted the Social Security Administration in designing the 
new security features of its new nonelectric Social Security 
Card.
    When a SmartCard is read, the transmission of the identity 
information is often protected by a Public Key Infrastructure 
encryption, ensuring the highest level of protection for 
electronic information. GPO has recently been designated as a 
Shared Services Provider for PKI, one of the two civilian 
agencies with that designation.
    Our Security and Intelligent Documents' consulting and 
design services have been sought by the State Department, the 
Department of Defense, the Department of Homeland Security, the 
FBI, the Coast Guard, and the Social Security Administration. 
We have also made recommendations to the REAL ID Standards 
Committee, participating through the Document Security Alliance 
where one of our security document experts sits on the board. 
GPO adds value to our consulting services by guiding policy 
formulation in organizations focused on national document 
policy.
    Mr. Towns. Thank you very much, Mr. Brink, for your 
testimony.
    [The prepared statement of Mr. Brink follows:]

    [GRAPHIC] [TIFF OMITTED] T5220.010
    
    [GRAPHIC] [TIFF OMITTED] T5220.011
    
    [GRAPHIC] [TIFF OMITTED] T5220.012
    
    [GRAPHIC] [TIFF OMITTED] T5220.013
    
    Mr. Towns. Mr. Temoshok.

                  STATEMENT OF DAVID TEMOSHOK

    Mr. Temoshok. Good afternoon, Chairman Towns.
    Mr. Towns. Do you want to pull that mic over to you? Thank 
you.
    Mr. Temoshok. Good afternoon, Chairman Towns, Congressman 
Bilbray and Congressman Welch. Thank you for the opportunity to 
participate in today's hearing on behalf of the General 
Services Administration.
    Homeland Security Presidential Directive 12 was signed by 
the President in August 2004. It established the requirements 
for a common identification standard and credentials to be 
issued by Federal agencies to Federal employees and contractors 
to gain physical access to Federal facilities and logical 
access to systems and networks. The directive specified that 
the technical requirements for the secure credential meet four 
control objectives.
    The credential should be, first, issued based on strong 
criteria for the verification of an individual's identity; 
second, strongly resistant to identity fraud, tampering, 
counterfeiting, and terrorist exploitation; third, able to be 
authenticated electronically; and fourth, issued only by 
providers whose reliability has been established by an official 
Government accreditation process.
    Significant strides have been made to deploy a very complex 
set of technologies for HSPD-12 cards and credentials in an 
effective and cost-efficient manner that is sustainable into 
the future. The National Institute of Standards and Technology 
[NIST], was directed by the Presidential directive to create 
standards and requirements for the security and the 
interoperability of the cards and processes required for the 
Government-wide implementation of HSPD-12. Accordingly, NIST 
issued Federal Information Processing Standard, FIPS 201, the 
Personal Identity Verification Standard, in February 2005. GSA 
established the FIPS 201 Evaluation Program in May 2006 to 
evaluate commercial products and services for conformance to 
the requirements of FIPS 201. With NIST, we have established 23 
categories of products and services such as SmartCards, card 
readers, fingerprint scanners, card printing equipment, and the 
like, that require evaluation and testing for conformance to 
the FIPS 201 requirements.
    Commercial industry has responded quickly and effectively. 
There are now more than 300 compliant products approved for 
Government-wide use for the implementation of HSPD-12.
    To meet the mandates of the Presidential directive, NIST 
published requirements for HSPD-12 identification credentials 
in FIPS 201. The cards are tested and approved to meet the 
following requirements: They are SmartCards, incorporating at 
least one integrated circuit chip. The physical printing of the 
PIV cards provides for standard appearance and mandatory 
printed information. The PIV cards' integrated circuit chips 
possess the capability to perform data exchange interfaces in 
both contact and contactless modes. The PIV cards must contain 
the following digital credentials: A personal identification 
number, a cardholder unique identifier, a number, two 
fingerprint biometric templates, and cryptographic 
authentication credentials.
    For security and privacy protection, all PIV data stored on 
the integrated circuit chip may be accessed by contact 
interface only following card activation through successful PIN 
entry. Thus, the PIV cards provide for multiple digital 
credentials to accomplish electronic authentication as mandated 
by the Presidential directive. Depending upon the level of 
authentication assurance required for physical or logical 
access, PIV card credentials like the Personal Identification 
Number, the cardholder unique identifier, the biometric 
identifiers or the cryptographic credentials may be used singly 
or as multiple form factors to accomplish the highest levels of 
authentication assurance.
    To accomplish the second control objective of the 
Presidential directive, FIPS 201 requires both physically 
printed and electronic security controls for the PIV card. All 
PIV cards are required to contain security features that aid in 
reducing counterfeiting, are resistant to tampering and provide 
visual evidence of tampering attempts. Examples include laser 
etching, optically variable ink, micro-printing, holograms, 
holographic images, and watermarks.
    PIV cards also are required to possess the capability for 
electronic security controls using the cards' cryptographic 
functions. These controls include the validation of the PIV 
authentication certificate, the validation of the digitally 
signed objects on the card and the cryptographic challenge 
response using the cryptographic functions. This represents the 
highest level of security and anticounterfeiting technologies.
    Mr. Towns. Thank you very much for your testimony.
    [The prepared statement of Mr. Temoshok follows:]

    [GRAPHIC] [TIFF OMITTED] T5220.014
    
    [GRAPHIC] [TIFF OMITTED] T5220.015
    
    [GRAPHIC] [TIFF OMITTED] T5220.016
    
    [GRAPHIC] [TIFF OMITTED] T5220.017
    
    [GRAPHIC] [TIFF OMITTED] T5220.018
    
    Mr. Towns. Ms. Rutledge.

                  STATEMENT OF BONNIE RUTLEDGE

    Ms. Rutledge. Thank you. Good afternoon, Chairman Towns and 
other distinguished members of the committee.
    My name is Bonnie Rutledge, and I am the Commissioner of 
the Department of Motor Vehicles for the State of Vermont. I 
have been with the Department for 37 years. I am also a former 
chair of the board for the American Association of Motor 
Vehicle Administrators, and I wish to thank you for the honor 
to be here today and to give testimony on what Vermont is doing 
to enhance our driver's license for uses other than a document 
indicating the individual has been licensed to drive.
    Even though the original intent of the driver's license was 
just to license an individual to operate a motor vehicle, over 
the years, it has become the most widely accepted form of 
identification. While credentials can be made as tamperproof as 
possible, if the issuance process for the major identification 
cards is not made more secure, the preponderance of identity 
document fraud will continue.
    Most fraud is committed by criminals enrolling in a system 
under a false identity. Before an agency can issue a secure 
credential, sound technology and policies, procedures and 
business systems must be in place. The privilege of retaining 
ones driver's license has been used to assure taxes are paid, 
that child support obligations are met, to provide the 
opportunity for one to register to vote, and other similar 
uses. With these added responsibilities, it has become most 
important that making sure the individual obtaining that 
license is who they say they are and then, once the document is 
issued, that it is secure.
    Long before the tragic events of 9/11, Vermont began taking 
steps to verify identity and to produce a secure document. The 
most recent responsibility our State has accepted is to issue 
an Enhanced Driver's License that will allow Vermont citizens 
who qualify to use the driver's license as an approved 
alternative document for reentry into the United States at land 
and sea borders between the United States, Canada, Mexico, 
Bermuda, and the Caribbean. This agreement between the State of 
Vermont and the Department of Homeland Security was to preserve 
travel, trade and cultural ties, in particular between Vermont 
and Quebec, and to assist with increased security at the border 
while allowing less time for legitimate citizens to cross the 
border.
    Currently, Vermont driver's licenses are produced over the 
counter, and the customer leaves with the document. The 
Enhanced Driver's License will be produced in a central issue 
environment. The customer will be given a temporary license 
while the necessary identity and immigration verification 
checks are completed, and the enhanced license will be mailed 
within a week to 10 days. Current Vermont cards are compliant 
with the material and design standards of the American 
Association of Motor Vehicle Administrators' card security 
framework, a national driver's license card security standard. 
Vermont uses watermarking, micro-printing, fine-line 
background, Tri-Color Polasecure with U.V.--which incorporates 
three-color graphic designs printed on the inside of the 
laminate and ultraviolet sensitive inks--redundant data, 
overlapping graphics, ghost image, bar code, and magnetic 
stripe along with various covert and overt features shared only 
with law enforcement. The ultra-high frequency, passive 
vicinity RFID tag and machine readable zone, as well as the 
designation of the Enhanced Driver's License, will be added to 
the Enhanced Driver's License.
    Ultra-high frequencies typically offer better range and can 
transfer data faster than low and high frequencies. Passive 
RFID tags do not have a power source. They draw power from the 
RFID reader to energize the microchip circuits. The antenna 
enables the tag to transmit the information on the chip to a 
reader. The reader converts the radio waves reflected back from 
the RFID tag into digital information that can be passed on to 
computers to make use of it.
    The vicinity RFID tag will be read by the border crossing 
agent as a licensee approaches the border checkpoint. This will 
allow the process of verification to begin prior to the 
individuals' actually presenting themselves to the agent. The 
RFID chip will not retain any information other than a unique 
identifying number that will access the Vermont DMV data base 
to retrieve the information contained on the front of the 
Enhanced Driver's License identification card. Data encryption, 
secure networks and firewalls will protect the transmission of 
the information. For added security, the DMV will provide a 
security sleeve to protect the RFID tag from being read when 
the cardholder is not at a border crossing station. The DMV 
will fully disclose the nature of the RFID, its purpose, 
content and security to all Enhanced Driver's License 
identification card applicants and interested parties. The MRZ 
will contain the information that is on face of the license and 
will be used at all crossings that are not RFID-enabled.
    With the impending requirement for a passport for all 
border crossings, Vermont felt it was timely to enter into this 
agreement. There have also been discussions with Homeland 
Security regarding the time of the passport requirement and the 
implementation date for our new licenses as well as for the use 
of the Enhanced Driver's License for domestic air travel in the 
future. It is also Vermont's desire that the Enhanced Driver's 
License would complement the REAL ID requirements and are 
awaiting the final rule to be published.
    I've submitted a more detailed document in writing 
regarding Vermont's business processes for issuing licenses and 
the technology employed.
    Once again, I thank you for the opportunity to speak on 
this very important topic.
    [The prepared statement of Ms. Rutledge follows:]

    [GRAPHIC] [TIFF OMITTED] T5220.019
    
    [GRAPHIC] [TIFF OMITTED] T5220.020
    
    [GRAPHIC] [TIFF OMITTED] T5220.021
    
    [GRAPHIC] [TIFF OMITTED] T5220.022
    
    Mr. Towns. All right. Thank you very much.
    Let me thank all of you for your testimony.
    I'll, I guess, begin by first saying: Do you feel that 
costs might be something that would permit us from moving 
forward in a very aggressive fashion?
    We'll start with you, Ms. Kraninger.
    Ms. Kraninger. Certainly.
    Cost is certainly a factor as we look at the way in which 
we move forward with these programs, particularly from a number 
of vantage points. First, you start with the business case by 
saying, ``What is the level of security that is required? What 
is the risk that is posed? Then what exactly will counter that 
risk in terms of what is available today and for what cost?''
    If you take a sector like the Transportation Worker 
Identification Card--which I also do have an example here for 
you to see and some other exemplars of fraudulent documents 
after the hearing if there's interest--the TWIC card, it's 
being issued based on a legislative mandate to secure access to 
secure areas of ports. Given that critical need and the need to 
do a full background check, an immigration status check, a 
terrorist watch list check, and to collect ten fingerprints 
from and a photograph of each of the maritime workers who will 
get a TWIC card, that translated into the need for also a 
highly secure document that could be read in a decentralized 
way so that each facility, when they employ access control, can 
use this biometric card to actually use in their access control 
system.
    So this is a highly secure document, and it is a very--it's 
a shared process that follows the FIPS 201 standard that is in 
place, underlying HSPD-12, for Federal identity documents as 
well. So that's a very high level of security, a very high-risk 
area and something that is pertinent to a particular industry.
    When you look at the requirements that we will levy on 
driver's licenses and setting minimum standards under the REAL 
ID Act, there is a consideration there again about the risk, 
the state of the industry and what makes sense from a business 
standpoint, and we certainly took into consideration all of the 
comments that we received from the Departments of Motor 
Vehicles, including the DMV of Vermont when they said what was 
possible and what makes sense from a cost standpoint as well. 
So that is certainly a factor as we look at these things, as 
well as privacy considerations, that are all part of the 
decisionmaking process.
    Mr. Towns. All right. Thank you very much.
    Ms. Rutledge, first of all, let me salute you. I think 
you're taking the right step by combining the driver's licenses 
with the border crossing, but as I understand it, even this new 
driver's license will not necessarily comply with the REAL ID 
law; is that true?
    Ms. Rutledge. Well, I'm not sure, sir, because the final 
rules have not been published yet.
    What we have in place right now complies with the act, 
itself, and has been in compliance, but as far as the rules go, 
I don't know as yet. In discussions and in looking at the rules 
over the years and the proposed rules, we would not be in 
compliance. For one thing, our Enhanced Driver's License will 
be a voluntary program for those individuals who would qualify 
and who would want to have one. Under the REAL ID Act, 
everybody would be required to go through the reenrollment 
process, and for every State, that's where the huge cost comes 
in, not only to the Departments but also to the individuals, 
because they would be required to present themselves, once 
again, along with their identity documents to prove who they 
are--every driver and everyone getting an identity card.
    Mr. Towns. So you are hoping that we just won't get in your 
way.
    Ms. Rutledge. That is our hope.
    Mr. Towns. That's what I thought.
    Mr. Welch. Vermonters, Mr. Chairman.
    Mr. Towns. How about that? Right.
    Now, whether it is a border crossing card or an Enhanced 
Driver's License, there has been a lot of concern that data 
from RFID cards can be read by as much as 30 feet away.
    If citizens are carrying this card around with them, could 
their movements be tracked?
    Mr. Bilbray. Do you mean like a cell phone?
    Mr. Towns. Yes, like a cell phone.
    Ms. Kraninger. Mr. Chairman, I'm happy to take that 
question, and Bonnie can add with respect to Vermont's 
perspective on this as we've talked about it.
    I think, to Mr. Bilbray's point, there are certainly many 
ways that individuals can be tracked at that distance--by 
sight, by the driver's vehicle license plate and certainly by 
cell phones. So, when it comes to the risk/reward decision, 
each individual, as Bonnie noted, will be making this decision 
based on their own read of the situation.
    For our part in examining this technology in the business 
case, we determined that the best way to address this 
particular concern is by, one, putting it in perspective of 
other risks, but two, we are going to be giving out the 
document with a sleeve that is a protective sleeve, quite 
frankly. It blocks the transmission of the signal, and so the 
individual will have notice and understand the way the 
technology works and have the sleeve that they can keep their 
driver's license in if they're concerned about that particular 
issue and, thereby, can counter that.
    Mr. Towns. Anyway, let me yield to--I'm trying to figure 
would it be possible for--anyway, let me yield to my ranking 
member, because I have the clock on me there.
    Mr. Bilbray. Mr. Chairman, let me just make you feel 
better. As somebody who served on the subcommittee that did the 
telecommunications bill back in the 1990's, it was a Federal 
mandate that your phone has a GPS chip in it now that can be 
tracked even when it's off. So if that makes you feel any 
better----
    Mr. Towns. Right. Right.
    Mr. Bilbray. The other issue would be, obviously, those of 
us who have credit cards and that we're able to be tracked on 
that, so there are a lot of these convenience items that not 
only are part of the private sector, but the Federal Government 
mandated the phone tracking capabilities to be in our cell 
phones.
    So, Ms. Kraninger, the question is this. While we're 
talking about the use of technology and how it works or 
whatever, if there were any State--and I need to apologize to 
the chairman because we want to be bipartisan--but I am going 
to point out that, though our Governor, who is an immigrant, 
has fought strongly for securing the identification systems in 
California, I was very surprised to see the Governor of New 
York announce that he was going to eliminate the requirement 
for Social Security cards and was actually going to issue 
driver's licenses based on, purely, something like the 
passports that would have been one of those great black market 
items in there.
    Could you articulate at all if we've got a problem or could 
have a major problem with States' taking that kind of a step 
toward accepting the base documents for their identifications 
and how that affects the whole system?
    Ms. Kraninger. Certainly, we are concerned as we look 
across the States and recognize that many of them, including 
New York, have taken extensive steps in the past few years to 
further secure their driver's license issuance process: what 
they base the issuance on, how individuals are demonstrating 
identity and residency and legal presence, as well as the 
security features in the documents, themselves.
    Of course, with respect to this particular issue, the 
States are responsible primarily for ensuring driver safety, 
and while DHS has been intensely focused on secure 
identification and the security of the driver's licenses, we 
want to, first and foremost, focus on that identity portion. We 
want to make sure that front-line officers and all law 
enforcement can have confidence in the documents that are 
presented to them and that those documents are secure.
    When REAL ID takes effect, of course, we will not accept 
non REAL IDs, those documents that do not actually demonstrate 
legal presence for Federal purposes. So that includes boarding 
domestic flights and entering Federal facilities. So anything 
that conflicts with our efforts to increase secure 
identification is of great concern.
    Mr. Bilbray. You know, if there were ever a State that has 
been impacted by this more than anybody else that I know of in 
our world it is the State of New York. It is the great tragedy 
there. Wasn't this one of the real strong recommendations of 
the 9/11 Commission?
    Ms. Kraninger. It definitely was, yes, the implementation 
of REAL ID as well as the security of travel documents.
    Mr. Bilbray. Ms. Rutledge, the real leader in this that 
really is the unsung hero in so much of this stuff is, 
actually, your national organization, the AAMVA.
    Ms. Rutledge. Yes.
    Mr. Bilbray. I don't think the public even knows that, as 
far back as 1996, you guys were saying we need to have Federal 
leadership here working with the States and doing something 
about this, because the potential is out there, and it was 
almost, you know, such a perception over the horizon of what 
could happen on 9/11, and you guys did it in 1996, and I think 
a lot of people were shocked as to how much your national 
organization was able to get together the month after 9/11 and 
then tool it up and have the recommendations out there for the 
Federal Government, and I have to tell you, it was really 
cutting edge. I think anybody working day-to-day could see that 
this problem was eventually going to happen, and it's sad that 
we didn't listen to you guys in 1996, 1997, 1998, and it took 
9/11 to finally say: ``Maybe we ought to get involved with this 
stuff.''
    I am interested in your personal--because, I think, coming 
from local government--I mean, I served as a mayor. I was the 
chairman of San Diego County, a small, intimate group of 3 
million people in one county, but your State, to me, is really 
exciting, because you've got the size to really prove it 
through practical application.
    I just cannot perceive that you cannot be working with the 
Feds, and everything that I hear you're doing is going to 
fulfill REAL ID so that Americans don't have to carry their 
passports in their back pockets; their driver's licenses will 
be viable, but that's based on the security of that document, 
isn't it?
    Ms. Rutledge. And the process of issuing that document, 
sir, yes.
    Mr. Bilbray. Now, the question there as you were talking--
and if I may just followup on this, Mr. Chairman.
    You're still going to have those driver's licenses that are 
under that. Even if everyone doesn't opt into it, your citizens 
will have the opportunity to opt into this ID system, and those 
cards will be acceptable. As far as I know, Homeland Security 
said that will qualify. Right now, they're saying a passport or 
another recognized Federal, you know, document, and that will 
qualify. So your citizens who don't qualify for it, they won't 
be able to get on an airplane, open a bank account or cross the 
border with the old driver's licenses, but you will then have 
the opportunity in your State for your citizens to voluntarily 
get into this system so that they have the ability to 
participate in the program.
    Ms. Rutledge. For the Enhanced Driver's License, yes.
    Mr. Bilbray. OK. Madam Chair, I just think that there was 
a--Mr. Chairman, I would just say that I think this is a good 
example of where we can learn by doing, and it's really a great 
State to do it on because you're a manageable size. It's not 
like 35 million people in California, which is going to be some 
heavy lifting.
    Thank you very much. I yield back, Mr. Chairman.
    Mr. Towns. Thank you very much.
    I agree with you, because her State is the size of my 
congressional district.
    I yield to Congressman Welch.
    Mr. Welch. And her State is the size of my congressional--
her congressional district is the size of my State. I am going 
to take the opportunity to talk to Ms. Rutledge.
    We are doing an experimental program. You've worked with 
the Department of Homeland Security, and Mr. Chertoff came up 
and met with our Governor Douglas, a Republican and friend, and 
you have been given some permission, I guess, to do something 
on an experimental basis; is that right?
    Ms. Rutledge. Correct.
    Mr. Welch. I've two questions.
    One, maybe describe that very briefly; but two, there's 
another State that's doing that as well, and I think we're 
doing the same as they, and I'm wondering whether--this is 
really my second question: Do you think there might be some 
advantage to giving us in Vermont some flexibility outside of--
to do it our way? Obviously, it's in coordination with the 
Department, because the ultimate--the goal here is to have 
security but, also, ease of travel.
    So can you comment on those two questions?
    Ms. Rutledge. Absolutely.
    In my many years of working at Motor Vehicles, especially 
in a small State, I've figured out it's best for Vermont to 
either be first or last because, if you are first, you have the 
ability to help craft how the process is going to look, and 
Homeland Security has been working very closely with us to make 
sure whatever we do fits for us. We are not a California or a 
New York or others, but we do have a lot of things in place 
that, perhaps, those large States don't do.
    We have a very good working relationship with Immigration. 
On a one-to-one basis, we can call them to do a verification as 
opposed to having to do it electronically if we have to. So, 
because of our size, we do have a lot of pluses, and yes, we 
are doing it first so that we can help craft how it's going to 
look.
    Mr. Welch. Well, would you like to have any more 
flexibility? I mean how is it that we're doing it now? It's the 
same as what? Is it Washington?
    Ms. Rutledge. The State of Washington, yes.
    Mr. Welch. Right.
    Ms. Rutledge. We're pretty much following them. Our 
business plan may be a little bit different than theirs is, but 
there aren't a lot of differences.
    Mr. Welch. OK. Thank you.
    I yield back the balance of my time. Thank you.
    Mr. Towns. Thank you very, very, very, very, very, very 
much. You know, I still want to go back to this.
    Even if we see and feel that this is what needs to be done 
and we sort all of these things out, then we look at the costs, 
and we begin to back away because of costs.
    Mr. Temoshok, let me ask you: How do you feel about the 
general support system out there for--you know, once we know 
what we want to do and we look and we find out that it's going 
to cost a whole lot, what are we going to do then?
    Mr. Temoshok. Well, without question, cost is a factor in 
implementation. In the Federal Government for HSPD-12, because 
this was a Presidential directive, agencies are directed to 
implement these security provisions.
    One of the strategies for implementing HSPD-12 across 
government was to be able to facilitate how agencies implement 
the Presidential directive. Having every agency develop the 
infrastructure to issue SmartCards, to produce SmartCards, to 
manage that security process certainly would not be the most 
efficient or the most time-worthy means of implementing the 
directive.
    With the Office of Management and Budget, we designated 
agencies to offer shared services, to provide the 
infrastructure to comply with HSPD-12, to provide compliant 
Security Services' cards, the management of identities on 
behalf of Government agencies--the Department of Defense, the 
four branches of the military, the Department of State, for the 
agencies that are housed with them internationally, and the GSA 
for the rest of the civilian Government.
    Currently, we provide services to 67 agencies. It simply 
would not be economically feasible for those agencies to 
implement under this timeframe without using the GSA shared 
services. By aggregating requirements within the shared service 
offerings, we are able to consolidate and reduce the costs. 
It's still a factor, but we've significantly reduced the costs 
for complying with the Presidential directive for the agencies 
that are using the shared services. Presently, more than 65 
agencies use GSA's shared service. About a dozen agencies are 
implementing HSPD-12 systems on their own.
    Mr. Towns. Are you hearing people saying, ``Are the 
benefits worth the costs?'' That's my concern.
    Mr. Temoshok. Every agency in the government has not just 
one badging process and badging system but, potentially, many 
different badging systems. I would contend that all of the 
different, various badging programs currently cost much more 
than it will cost to comply with a single standard secure 
process under the Presidential directive.
    Does it warrant the cost? Do the benefits warrant the cost? 
The security of our facilities and the security--the secure 
access to our systems and networks is worth that cost.
    Mr. Towns. I yield to my ranking member for any further 
questions.
    Mr. Bilbray. Let me say I appreciate that. I think that as 
this comes up, the Federal Government does a lot of things 
that's not mandated in our constitutional obligations. We do a 
lot of stuff. One of those things is the interstate commerce 
clause and the national security clause. This falls right into 
that category, be it giving citizens the ability to cross 
international borders or to getting on airplanes or to opening 
bank accounts under the commerce clause or to stopping identity 
theft, and I mean this falls into this.
    I guess, Mr. Chairman, when we talk about costs, what was 
the cost of 9/11? The fact is, remember, the 9/11 terrorists 
were given driver's licenses by Virginia, so they did not have 
to show their Saudi Arabian passports, which then could have 
triggered a whole new--you know, a whole defensive mechanism.
    What is the cost of stolen identities here in the United 
States? It is huge, especially when you consider the fact of 
how many unlawfully present people have to falsify and steal 
IDs to be able to get employment services and a lot of other 
things. What does that cost in the long run?
    I think that, when we get into this cost of, you know, how 
important security is, we could go over and ask the Finance 
Committee about what was the cost for us upgrading our currency 
in this country. It was huge, but it's worth every cent.
    So I just have to say the one thing, though, is that I look 
at certain aspects of it like the Ag Department where they have 
170,000 employees but have only issued seven cards. We really 
are needing to lead it stronger than we have in the past, and 
that's a concern we have over there.
    Ms. Rutledge, I thought your State had some real problems 
with ID or were there some political repercussions of it in 
your State?
    Ms. Rutledge. No, not that I'm aware of.
    Mr. Bilbray. OK. I appreciate that. I know there are some 
States that are kind of goosey about it, but the more that I'm 
seeing States look at, you know, the new initiatives, you know, 
they're sort of realizing that REAL ID is a vehicle that we 
could work over on them.
    Mr. Towns. It was probably New York.
    Mr. Bilbray. Yeah, it was probably New York.
    Ms. Rutledge. Well, actually, since the announcement of the 
Enhanced Driver's License, we've been inundated with calls from 
people who want to know how soon they can get it.
    Mr. Bilbray. Well, let me just tell you, as somebody who 
spends a lot of time crossing a lot of different borders and 
international boundaries, too, that the convenience is one 
thing, and--I'll just say this to General Services that, I 
guess, it was the new visit system. Anyone who says that 
they're scared of the use of technology should talk to 
immigrants who are going through the visit system now. It is so 
refreshing to hear them. Immigrants or visitors who are coming 
back, they stick their passport in; they put their hand in, and 
they're told. And, it's none of these 50 questions and getting 
a cross-examination and feeling like a criminal. The immigrants 
and the visitors who use this technology just praise it right 
and left, and I think that it's one of those things that we 
ought to talk to our visitors about and see how the system is 
working.
    I will basically open up to one question, and that is: When 
can we see the Federal Government leading with this? What is 
our timeline? When will we get down there? Because basically, 
what I'm seeing is the States are going to lead, and maybe 
that's not bad as a local government guy, but when are we going 
to catch up? When are we going to have more than seven cards 
out there?
    Mr. Temoshok. The USDA is one of GSA's customers in the 
shared service that I described. We are in the process within 
GSA to implement enrollment stations across the country 
wherever we have customers, and since we will need to enroll 
over, currently, 800,000 employees and contractors into the 
HSPD-12 program, we will need enrollment stations all over the 
country. We are focusing in Washington, DC, first. Our target 
by October 2008 is to enroll all of our customers into the 
program and to issue cards to them.
    Mr. Bilbray. OK. Well, just to let you--I mean, I don't 
want to beat up on one. I mean, in Human Health Services, 
you've got over 100,000 employees there, and you've got four 
cards issued. For the archivists, they have 3,000 employees, 
and we have three cards issued. So I mean there is--we're here 
to sort of encourage you along. That's why they call us 
``oversight.''
    Thank you very much, Mr. Chairman.
    Mr. Towns. Thank you very much.
    I'm going to use the balance of your time. You had a little 
time left. I'm going to use it.
    Let me ask you, Mr. Brink. We saw a lot of problems this 
summer with passports, I mean huge problems, and the State 
Department just couldn't handle the increase in the 
applications caused by the new requirements, I mean, we 
received phone calls all over the place, and there was a 
backlog of several months. I'm worried about whether agencies 
are prepared to handle the logistics of issuing new ID cards to 
millions of people.
    What are the plans to handle big increases in volume or for 
HSPD-12 border crossing cards or even for State-issuing 
driver's licenses?
    Mr. Brink. Well, of course, GPO is the manufacturer of the 
card, and it's not directly involved in the issuing, but I 
think that points out both in the cost area and also in the 
issuing area that's the real key to the success of these 
programs. It's the adjudication of applications. It's the 
issuing logistics. We were able to keep up by the skin of our 
teeth, but we were able to keep up with the citizen demand with 
the manufacturer, but the backlog grew within that bow wave of 
citizen applications to get the new passports, and that's where 
the backup was, and that's clearly where we need to focus if 
we're going to keep up, is to provide the right sort of 
resources to that end of the whole production and issuance 
chain.
    Mr. Bilbray. Mr. Chairman, can I----
    Mr. Towns. Yes. Sure, I yield.
    Mr. Bilbray. Let me just followup on that.
    It seems that the bubble has been passed, though, and that 
the learning curve has picked up where--I think we agree that 
we're not getting the calls now, that it looks like you got up 
to steam. Maybe there was a learning curve there. Can we build 
on that learning process?
    On the flip side, that's one reason why I feel strongly 
about the States. If we can get the States to do the 
administration, the efficiency factor will be, as long as they 
can, you know, fulfill the minimum standards--we can really 
move. We can have the best of both worlds.
    Mr. Brink. I'd also like to compliment our customer, the 
Department of State. As you probably know, they brought 450 
counselors/officers back from overseas and hired 400 more 
people to deal with that bow wave, and as we were working 7 
days a week, they were working 7 days a week to get through 
that backlog.
    Mr. Bilbray. Well, good. If that's what it takes to serve 
the public, that's what we do.
    Mr. Towns. Let me raise one other issue very quickly before 
we let you go.
    One of the problems here is that there are so many 
different types of ID out there. They look different, and they 
use different technology. It's just not realistic to expect a 
bank teller or an airport screener or an employer to be 
familiar with all of them.
    Now, without creating a national ID, why can't we settle on 
one technology of a visual format to be a nationwide standard 
for ID documents issued by different Federal and State 
agencies? Because all of these different IDs out there--I mean, 
it's just going to continue to add confusion.
    I indicated to you that I was having trouble getting on an 
airplane in Orlando with my congressional ID. You know, 
fortunately, here in Washington, that's the thing that gets you 
on the plane, you know, but in Orlando, they have never seen 
that, and of course, they were not about to let me go through 
that line with that funny looking ID.
    Mr. Bilbray. In fact, Mr. Chairman, that was the intention 
of the REAL ID with the State IDs, but you're right. What about 
the Feds? Are we going to do our fair share with the same 
thing, with a common format?
    Mr. Towns. What do we do?
    Mr. Brink. That's probably yours because, clearly, HSPD-12 
is one of the attempts.
    Mr. Temoshok. I'll start because, for HSPD-12 and the 
Personal Identity Verification cards, there is a standard 
format in the physical topography of the card--what they will 
look like and what the printed information will contain as well 
as the information that needs to be contained and personalized 
on the integrated circuit chip--but the HSPD-12 standards 
specifically apply to the Federal Government. As a standard, it 
can be adopted by other Federal programs or programs outside of 
the Federal Government in order to conform to that established 
standard.
    Mr. Towns. Do you have any idea as to what we might do here 
in Congress to be able to move in that direction? Because I'm 
afraid that more IDs are going to be created, which leads to 
more confusion.
    Do you have any suggestions for us here in the Congress 
that we might do to be able to assist?
    Mr. Bilbray. Let's say it a little differently.
    Are you guys willing to live up to the standard that we set 
for the States?
    Mr. Towns. That's a better question.
    Mr. Bilbray. Well, it's basically what you're asking.
    Mr. Towns. I like that. I like that. I think that's putting 
it very succinctly.
    Mr. Bilbray. Are you guys ready to live up to the REAL ID 
standards?
    Mr. Temoshok. I'll address what we do for HSPD-12.
    Now, HSPD-12, the Presidential directive, was explicit in 
directing the Department of Commerce and the National Institute 
of Standards and Technology to develop the standards for the 
Federal Government's identity management, badging and 
credentialing program, and they've met that directive and have 
published those, as I indicated, as the Federal Information 
Processing Standard [FIPS], 201.
    Now, as we look at that and as we gear up all of the 
badging programs in the Federal Government and the readers who 
read those cards to meet those standards, it takes a 
significant effort, not just by the--and cost--not just to the 
Federal Government but to industry, and so industry has 
tailored their production and their products to those 
standards, which becomes very important, I think, both from our 
perspective in implementing from the Federal Government but 
potentially, also, from your standpoint in looking across--in 
looking beyond the Federal Government.
    Because of the cost of those high security devices, the 
cards as well as the readers are being driven down by 
conformance to a standard in the Federal Government.
    Mr. Towns. Let me thank all of you for your testimony.
    Mr. Bilbray. I wanted to say that we've had a good 
discussion here on certain aspects, and I think that the 
standards are one of those things.
    One of the things that the chairman's concerned about, and 
a lot of people are concerned about, is a national ID card 
becoming a mandated document. And, I think the chairman will 
remember, one of the big reasons why REAL ID was passed was 
that there was a recognition in Congress that you have two 
choices: Either a national ID card and identification or a 
national minimum standard that is administered by the States 
and the Federal Government separately and that the national 
minimum standard was a much better option than a single Federal 
document in the past.
    And I think that those of us that want to avoid the 
national ID card recognized that this was a great alternative 
as an American way of doing it. We just have everybody do it, 
but they do it up to a minimum standard.
    The one thing that I'd ask you, Ms. Rutledge, the one 
Federal document used in America has not changed since the 
1930's. Social security card.
    Will our Federal card--or does it qualify under REAL ID? 
Social security card as we know it.
    Ms. Rutledge. That is one of the things that we use for a 
form of identification.
    Mr. Bilbray. But it doesn't fulfill the mandate. Our 
employment identification has not fulfilled the mandate that we 
put on you guys for the driver's license.
    Ms. Rutledge. Right.
    Mr. Bilbray. Is it within the executive branch's 
authority--do you have the power, if you wanted to upgrade that 
document, which is really one of the base documents, the 
breeder documents? Is there any discussion about the ability of 
the executive branch to take the initiative and upgrade that 
documentation?
    Ms. Kraninger. Congressman, there definitely are 
discussions to that end, and certainly we had that discussion 
particularly during the immigration reform debate. I can't 
speak to what Social Security Administration's authorities are 
with respect to upgrading the card notwithstanding some 
congressional action, but certainly we have looked at that and 
talked about it.
    I think the one thing that is of note, at least with 
respect to Real ID, is that verification of at least that 
document as it is presented, and recognizing that it can't 
stand alone as something that could be the basis of identity 
depending on the privilege that is being applied for with 
respect to a driver's license. It certainly is not the case 
that is the only document that an individual would show.
    Mr. Bilbray. I want to thank you for the hearing.
    I do not know of a State in the Union or a county or a city 
that still uses a piece of paper with a name and a number on it 
as an identification document. I mean, they have all upgraded 
except for the Federal Government, and where we have asked you 
to sort of get your act together, I think we are at a point 
where we need to sort of go back, and physician heal thyself, 
and do the right thing and lead by example. And, one of the 
things we need to talk about is, as far as I know, that there 
is no law out there stopping the administration from upgrading 
all of its identification up to a minimum standard, not picking 
and choosing.
    So I yield back.
    Mr. Towns. Thank you very much.
    Let me thank you for your testimony, of course, and you can 
see and hear our concerns, and we are going to continue to look 
at this and to see in terms of what we might be able to do to 
assist.
    We recognize that we might have a role here, too. And, of 
course, I think that Vermont can be very helpful in the fact 
that it is a small State. They can do some things. They can do 
some experimenting and all of that, and then maybe we can 
benefit from it on a national kind of scale.
    So, thank you so much for coming. Thank all of you for your 
testimony. And here again, we will be talking as the days and 
months go along.
    Thank you so much.
    I would like to welcome our second panel.
    As with the first panel, it is our committee policy that 
all witnesses are sworn in.
    So please rise and raise your right hands.
    [Witnesses sworn.]
    Mr. Towns. Let the record reflect that they all have 
answered in the affirmative.
    Let me begin by asking Kathy Alsbrooks, the Federal 
Government accountant director for the LaserCard Corp., which 
currently produces green cards and laser visa cards for the 
U.S. Government.
    And then of course after that we have Neville Pattinson, 
who is the vice president for business development and 
Government affairs at Gemalto Corp., and he is representing the 
Secure ID Coalition.
    And of course Mr. Stager is executive vice president at the 
Digimarc Corp., representing the Document Security Alliance.
    So, Ms. Alsbrooks, why don't you proceed?

  STATEMENTS OF KATHRYN K. ALSBROOKS, DIRECTOR, U.S. FEDERAL 
 PROGRAMS, LASERCARD CORP.; NEVILLE PATTINSON, VICE PRESIDENT, 
 GEMALTO, INC., REPRESENTING THE SECURE ID COALITION; AND REED 
  STAGER, DIGIMARC CORP., REPRESENTING THE DOCUMENT SECURITY 
                            ALLIANCE

               STATEMENT OF KATHRYN K. ALSBROOKS

    Ms. Alsbrooks. Thank you, Chairman Towns and Ranking Member 
Bilbray, and I thank you for the opportunity to appear before 
you today to discuss LaserCard's role in secure ID programs 
currently underway and our experience in addressing the 
challenge in how to make a secure, tamper proof ID card, one 
that delivers both biometric ID verification and fulfills 
today's need for visual, reliable inspection, a Flash Pass, 
when automatic authentication is not available.
    LaserCard is a publicly held U.S. company. We are 
headquartered in Mountain View, CA. For over 20 years, we have 
been an industry leader conducting research, development and 
manufacture of highly secure, multi-biometric identity cards.
    Today my remarks will focus on the visual and physical 
security of ID cards which utilize optical memory card 
technology.
    The technology is deployed today in the Green Card, the 
U.S. Permanent Resident Card, issued by the Department of 
Homeland Security, the Border Crossing Card or Laser Visa 
issued by the State Department. Mexican citizens who frequently 
cross the U.S. border carry these cards. The Canadian Permanent 
Resident Card issued by Citizenship and Immigration Canada; the 
Italian National ID Card and Foreign Resident Card, both issued 
by the Italian Ministry of Interior, and the Saudi National ID 
Card issued by the Saudi Ministry of Interior.
    More than 30 million of these cards have been issued to 
date.
    The preeminence of optical memory in North American ID 
security is reflected in these two facts: First, according to 
US-VISIT stats, the roughly 24 million optical cards in 
circulation in the Western Hemisphere represent almost 80 
percent of all U.S. land border entries by foreign nationals.
    And most important, the data security of the optical memory 
card has never been compromised. In over 15 years of 
deployment, the data security cards have never been 
compromised.
    To meet the requirements of the Western Hemisphere Travel 
Initiative and in accord with the recommendations of the 9/11 
Commission, LaserCard has developed the LaserPass, which 
combines unbeatable visual security of optical memory with the 
facilitation advantages of RFID.
    In today's world of advanced machine readable technologies, 
including our own, why do we maintain a constant focus on 
visual security as a fundamental requirement?
    That answer is simple: Today, visual inspection of ID cards 
is the norm. The implementation of a comprehensive 
infrastructure to machine read and authenticate ID documents is 
a huge undertaking. In fact, Customs and Border Protection 
officials have stated that RFID readers will only be installed 
at 39 of the roughly 150 U.S. land ports of entry.
    Clearly, visual inspection will remain an essential border 
entry inspection procedure for the foreseeable future. The more 
successful the deployments of the Western Hemisphere travel 
cards, including the PASSport Card, the Border Crossing Card, 
and the Nexus-Sentri and FAST card, the more widely they will 
be accepted as the de facto means for establishing identity in 
flash pass scenarios like airline check-in, airport security 
and boarding, employment eligibility, provision of government 
service, banking and building entry.
    But, even more importantly, some of these cards will serve 
to confirm identity as a U.S. citizen.
    For all of these reasons and more, the very highest level 
of virtual security in the Western Hemisphere travel cards is 
absolutely essential.
    Optical memory is, in fact, unique among all advanced ID 
card technologies in being able to fully meet these needs. The 
technology incorporates a variety of easily verified visual 
security features. They support authentication of the card 
itself, and they offer verification of the card holder's 
identity. These features are literally tamper proof. They 
cannot be altered. And they serve to confirm information 
printed on the face of the card, including the digital 
photograph and biographical data.
    For law enforcement and secondary inspection purposes, 
optical security incorporates covert security features and 
forensic security features supporting suspect document 
laboratory inspection and expert testimony in criminal 
proceedings. This unique layering and blending of overt, covert 
and forensic features in the same media provides an unequaled 
level of counterfeit resistance.
    And finally, optical security also delivers an individually 
personalized high definition embedded hologram, which shows the 
card holder's digital photograph and biographical information. 
This important feature renders each individual piece of optical 
memory physically and visually unique. This imposes an 
exceptional barrier in the path of the mass counterfeiter. Most 
traditional security features are routinely copied or simulated 
by counterfeiters. Forensic document experts strongly advise 
card issuers not to rely on a limited selection of security 
features alone for counterfeit and tamper resistance.
    As I described earlier, optical security provides intrinsic 
layering of security features. The embedded hologram 
permanently captures the other relevant information from the 
face of the card and, used in combination with RFID, results in 
a tamper proof RFID card like that required for implementation 
of the Western Hemisphere Travel Initiative.
    In closing, I hope to leave you with this: Optical card 
technology is proven. The digital security has never been 
compromised, and it is physically, literally tamper proof.
    Thank you again for this opportunity to speak. I look 
forward to taking your questions.
    With your permission, I have samples of all of these 
various cards which I have referred to. You can see for 
yourself what I am talking about after the proceedings. I would 
be happy for you to look at them.
    I have also brought examples of counterfeits of these cards 
and a demonstration of counterfeit techniques that I would be 
happy to show you personally, probably not in a public forum.
    [The prepared statement of Ms. Alsbrooks follows:]

    [GRAPHIC] [TIFF OMITTED] T5220.023
    
    [GRAPHIC] [TIFF OMITTED] T5220.024
    
    [GRAPHIC] [TIFF OMITTED] T5220.025
    
    [GRAPHIC] [TIFF OMITTED] T5220.026
    
    [GRAPHIC] [TIFF OMITTED] T5220.027
    
    Mr. Towns. Thank you very much.
    Mr. Pattinson.

                 STATEMENT OF NEVILLE PATTINSON

    Mr. Pattinson. Good afternoon. Thank you for including me 
on behalf of the Secure ID Coalition on this panel to discuss 
the increasingly important issue of identity management and 
technology for secure identity documents.
    For the record, I must offer a disclosure. I presently 
serve on the Department of Homeland Security's Data Privacy and 
Integrity Advisory Committee. Nothing I say here today 
represents the views of that committee or the Department of 
Homeland Security.
    The Secure ID Coalition is an affiliation of companies 
providing digital security solutions for identification of 
documents. Our mission is to promote the understanding and 
appropriate use of identity technology that achieves enhanced 
security for ID management systems while maintaining user 
privacy. It is critical that any document used for 
identification of a person must incorporate the highest levels 
of securities and features that protect personal privacy.
    Our coalition is very concerned with the proposed adoption 
of RFID technology into the ID documents such as the WHTI PASS 
card or Enhanced Driver's License.
    My company, Gemalto, is a member of the Security ID 
Coalition and is a leader in digital security with operations 
in about 100 countries with 10,000 employees, including 1,500 
R&D engineers. More than a billion people worldwide use the 
company's products and services for a variety of operations, 
including secure identity documents.
    The smart cards have been adopted and deployed in many 
important government programs around the world. In the United 
States, Gemalto supplies smart card technology to the 
Department of Defense's Common Access Card program, to agencies 
deploying HSPD-12 compliant PIV cards, and we supply to the 
Department of State through the Government Printing Office 
electronic passport covers.
    So what is a smart card and what can it do for securing 
somebody's identity?
    Put simply, smart card technology consists of a 
sophisticated electronic computer chip embedded in plastic card 
technology. The chip has an operating system which provides the 
features and functions for particular applications. The success 
of smart card technology is in its ability to provide strong 
security and privacy protections to each individual in a 
convenient form.
    You may consider the computer chip as an electronic 
security agent representing the issuer of the ID in the hands 
of the user. The chip security and communications protocol 
ensure communication and privacy. Some cards communicate either 
directly through contact or to written devices or over short-
range wireless in contactless mode. Whatever method used, in a 
secure smart ID card, the underlying security ensures both 
electronic document authentication and user authentication for 
transacting any credential information. No other technology can 
offer these features in a cost-effective and convenient manner 
to ensure identity and authentication.
    RFID is nowhere capable of the security features of that of 
the smart card technology. Please do not confuse RFID with 
smart card technology.
    Over the past 6 years, there has been a proliferation of ID 
programs within the Federal Government. The best programs have 
been developed and implemented independent of similar work 
taking place within other agencies.
    One of the major failings currently in ID management is 
that there is no unified policy for identity and credentialing 
processes or documents, and security and privacy questions are 
left to interpretation. There is no guidance from an 
appropriate policy framework and very limited oversight.
    In some instances, unrealistic program proposals are 
proffered without any sense of understanding about technologies 
available or the best practices and standards for security of 
the program and the privacy.
    Further, the vulnerabilities exist in some cases because 
there is just pressure to get it done.
    Privacy must be accounted for in the design, evaluation and 
implementation of an identity system. It is for this reason 
that we are alarmed to understand that even though government 
programs are required to go through a Privacy Impact Assessment 
process, in many cases the assessment does not sufficiently 
address the ID document, and those assessments are started many 
months after the program is well underway.
    ID documents are a special category of documents, which 
require special consideration. Identity documents, once issued, 
must attest to the identity of an individual and offer a 
credential, which can be trusted. If there is a weak chain of 
trust between the ID document, the individual, and the ability 
to authenticate the claimed identity, there opens up a 
vulnerability, which may be exploited.
    The consequences of this vulnerability may lead to 
impersonation or fraudulent use of the credential, which will 
have significant repercussions to the integrity of the identity 
system and the asset it is protecting.
    Therefore, the more effort taken to ensure that a chain of 
trust can be established between the ID document presented, the 
user presenting the ID and the validity of the credential, the 
more confident we are that the person is who they claim to be 
and the ID belongs to them.
    Where high levels of identification assurance are required, 
several types of security and authentication technologies are 
combined together. These can be such things as physical 
security features that we have heard of, forensic features, 
machine readable technologies, and electronic authentication 
technologies.
    When considering an identity program, the security document 
technology features just mentioned are available to address a 
wide range of these issues. The more features, the harder the 
document will be able to be counterfeited or misused. However, 
the inclusion of smart card technology is essential to any true 
secure identity document as proven in the U.S. Government 
programs that you have previously heard of.
    Any identity program that is established to protect our 
national security and homeland must incorporate smart card 
technology. Smart cards are incredibly difficult to tamper 
with, forge, or clone and provide a deterrent for folks trying 
to do us harm.
    Mr. Towns. Can you sum up?
    Mr. Pattinson. Certainly.
    We offer three conclusions: Any secure identity document 
must include a secure authentication feature, electronic. We 
would ask the subcommittee to consider developing a 
comprehensive body of work that reviews all standards and 
technologies associated with identity and evaluate them based 
on the security needs of our country; and third, we would offer 
our expertise to look at and review the WHTI PASS Card and EDL-
RFID technology and see how we can help that program.
    [The prepared statement of Mr. Pattinson follows:]

    [GRAPHIC] [TIFF OMITTED] T5220.028
    
    [GRAPHIC] [TIFF OMITTED] T5220.029
    
    [GRAPHIC] [TIFF OMITTED] T5220.030
    
    [GRAPHIC] [TIFF OMITTED] T5220.031
    
    [GRAPHIC] [TIFF OMITTED] T5220.032
    
    [GRAPHIC] [TIFF OMITTED] T5220.033
    
    [GRAPHIC] [TIFF OMITTED] T5220.034
    
    [GRAPHIC] [TIFF OMITTED] T5220.035
    
    [GRAPHIC] [TIFF OMITTED] T5220.036
    
    [GRAPHIC] [TIFF OMITTED] T5220.037
    
    [GRAPHIC] [TIFF OMITTED] T5220.038
    
    [GRAPHIC] [TIFF OMITTED] T5220.039
    
    Mr. Towns. Thank you very much.
    Mr. Stager.

                    STATEMENT OF REED STAGER

    Mr. Stager. Thank you, Chairman Towns, Ranking Member 
Bilbray, for giving us the opportunity to prevent the views of 
the Document Security Alliance to this group.
    We are here to talk about the technology for secure 
identity documents, systems and processes.
    The Document Security Alliance was created by government 
agencies, private industry, and academia to identify methods to 
improve security documents and related security procedures in 
order to help combat the growing use of counterfeit documents 
in acts of identity threats and fraud, terrorism, illegal 
purchase of controlled substances and firearms, illegal 
immigration, and other criminal acts.
    The DSA membership consists of more than a dozen government 
agencies, including the U.S. Secret Service, the TSA, the 
Department of Homeland Security, the Social Security 
Administration, the FBI, the GSA, the FDA, Departments of 
Treasury and State and the Government Printing Office along 
with 75 private industry members.
    I am also the executive vice president of Digimarc, which 
is one of DSA's industry members. Digimarc issues more than 60 
million identification documents annually, including two-thirds 
of the driver's licenses in the United States, including the 
State of Vermont as described by Director Rutledge.
    This testimony comments on the need for Federal Government 
and State governments to adopt end-to-end identity management 
solutions that address the unique security challenges faced by 
ID issuers today by incorporating five critical elements of 
secure ID issues.
    This mirrors Director Rutledge's comments. It is not just 
the credential, it's multiple steps, including data capture, 
identification verification, secure ID production, secure ID 
credentials and ID authentication at various points of 
inspection.
    This testimony provides best practices, recommendations on 
the steps the government needs to take to improve the quality 
and security of the IDs and Social Security cards and driver's 
license. Those recommendations are detailed more fully in the 
written testimony that has been provided.
    In order to improve document security, it is important to 
understand and prove how an applicant is qualified and how a 
secure ID is issued and used. DSA believes any secure ID 
infrastructure must include data capture processes, which would 
be to obtain the applicant's photograph, demographic 
information, supporting documents, such as breeder documents, 
which would be Social Security cards, copies of passports, 
copies of birth certificates, and a digital version of his or 
her signature and, if necessary, appropriate biometrics such as 
facial or fingerprint biometrics.
    Identification verification would be used to authenticate 
and validate an applicant's credentials, the breeder documents 
they present, as well as comparing information against select 
data bases such as the Social Security Administration data base 
as reflected in the REAL ID legislation.
    Secure ID production would utilize processes and 
technologies that enable secure ID issuance. That would include 
the ensuring of the security of all the materials, the physical 
facilities and establishing audit and background check 
procedures for all employees involved with issuing 
identification documents.
    Secure ID credentials would incorporate, as has been 
discussed earlier today, a layered durable card architecture, 
which includes both difficult to counterfeit materials with 
sophisticated laminating and finishing processes as well as a 
number of overt, covert, and forensic security features.
    Many secure documents today have between 12 and 20 security 
features built into the documents as part of that layered 
architecture.
    Authenticating IDs allows the verification, without 
infringing on the individual's privacy or taking private 
information from the document, of the authenticity of a 
proffered government-issued photo ID, no matter where it was 
issued at all various points of inspection or transaction, 
public or private.
    One of the areas we cover is the Social Security 
Administration's card, and that came up earlier today. The 
audience for that card has traditionally been employers in its 
use in administering benefits. The card is also used as a 
breeder document for identifying--establishing identity. 
However, the DSA's view is that card was never designed for, 
and should not be considered a secure identity credential.
    Mr. Bilbray. That is an understatement.
    Mr. Stager. Thank you.
    As we look at the issue of enhancing security of the Social 
Security cards, we recommend the following: If the 
congressional intent is to improve the security of the Social 
Security card, it is a significant undertaking that will take a 
number of years. It will take 16 to 20 years to turn over the 
existing base unless a reissuance process is developed.
    The overwhelming majority of misuse and the largest cause 
of identity theft and fraud is not the use of the credential; 
it is use of the Social Security number inappropriately.
    The immediate focus of security upgrades should be on 
expanding on-line verification systems allowing law 
enforcement, employers and others to validate Social Security 
numbers and names to prevent fraud similar to how the DMV is 
compared against that data base today.
    A number of security features, processes, and best 
practices would provide additional security, including 
upgrading to something more than banknote paper, incorporation 
of a number of variety of practical and cost effective security 
features as elaborated on in our written testimony.
    In any case, if significant upgrades are done, it will be 
done at significant cost compared to the existing documents.
    In terms of driver's licenses, the U.S. driver's license, 
which has become an increasingly valuable credential as a proof 
of identity access to most economics transactions, we recommend 
the five steps I identified earlier be embraced, which is 
captured in much of the REAL ID legislation: data capture, 
verification, secure production, secure credential and 
authentication.
    The 2-D barcodes using the PDF 417 standard is used as the 
standard overt machine readable technology for carrying data, 
which is partnered with additional machine readable 
technologies to enable cross-jurisdictional point of inspection 
and ID authentication.
    The need for implementing this for cross data base 
verification is important with such systems as the Social 
Security data base, the Systematic Alien Verification and 
Entitlements data base, Department of Defense, the Department 
of State data bases.
    This is not necessarily centralized data bases or national 
ID systems, and the Social Security data base system is an 
excellent example of how that system can be implemented without 
impacting citizen privacy.
    We also suggest security conscious ID validity periods be 
established to 5 years.
    Mr. Towns. Could you sum up?
    Mr. Stager. Yes, I will.
    And also that appropriate resources and funding are 
provided to State DMVs and other government issuing authorities 
to upgrade the security of their documents and issuance 
processes.
    Document security is a key but often neglected 
infrastructure element supporting the everyday lives of our 
citizens. The DSA encourages policymakers to further invest the 
appropriate resources, time, people and funds to ensure our 
Nation's identity management system effectively protects our 
citizens against fraud and identity theft, protect our young 
people from inappropriate access to restricted products, make 
the highways and roads safer and protect everyone from 
additional criminal and terrorist acts.
    Thank you for your time.
    [The prepared statement of Mr. Stager follows:]

    [GRAPHIC] [TIFF OMITTED] T5220.040
    
    [GRAPHIC] [TIFF OMITTED] T5220.041
    
    [GRAPHIC] [TIFF OMITTED] T5220.042
    
    [GRAPHIC] [TIFF OMITTED] T5220.043
    
    [GRAPHIC] [TIFF OMITTED] T5220.044
    
    [GRAPHIC] [TIFF OMITTED] T5220.045
    
    [GRAPHIC] [TIFF OMITTED] T5220.046
    
    [GRAPHIC] [TIFF OMITTED] T5220.047
    
    [GRAPHIC] [TIFF OMITTED] T5220.048
    
    [GRAPHIC] [TIFF OMITTED] T5220.049
    
    [GRAPHIC] [TIFF OMITTED] T5220.050
    
    [GRAPHIC] [TIFF OMITTED] T5220.051
    
    [GRAPHIC] [TIFF OMITTED] T5220.052
    
    [GRAPHIC] [TIFF OMITTED] T5220.053
    
    [GRAPHIC] [TIFF OMITTED] T5220.054
    
    Mr. Towns. Let me thank all of you for your testimony.
    Let me raise a question about Social Security. My colleague 
raised an interesting point there.
    With Social Security, doesn't it come down to--Social 
Security cards come down to cost, because right now the card 
costs 5 cents each. I guess the question is how much would a 
secure Social Security cost?
    Mr. Pattinson. How much would a secure card cost?
    Ms. Alsbrooks. Depending on the technology you put on it, 
anywhere between $3.50 to $10, depending on how many chips you 
had on it, whether you had RFID on it, whether you had optical, 
all of the different printing techniques.
    Mr. Bilbray. How long would that technology last?
    Ms. Alsbrooks. Our technology has been out there for 10 
years. It is durable. I think the new Western Hemisphere Travel 
Initiative cards are supposed to have a 10-year durability. I 
think you can count on a 10-year durability.
    Mr. Bilbray. That is if you carried it.
    Ms. Alsbrooks. Yeah. Not in your shoe but, yeah, in your 
wallet.
    Mr. Towns. So this boils down to cost, doesn't it? Isn't 
this a problem, cost?
    Mr. Stager. Yes. If you looked at a base of Social Security 
cards of 200 to 300 million multiplied by the numbers just 
presented, it becomes a very significant cost, and yet the 
majority of fraud and activity around Social Security cards is 
also the Social Security number being used as opposed to the 
credential being presented today.
    Mr. Towns. What do you say to that, Ms. Alsbrooks?
    Ms. Alsbrooks. Can you ask the question----
    Mr. Stager. If there is 200 to 300 million cards in 
existence that may have to be replaced at those kind of costs 
versus 5 cents a card, it becomes a very, very large number for 
replacing all of those cards.
    Mr. Towns. We are also talking about security now.
    Ms. Alsbrooks. I mean, yeah, to replace that many cards 
would be a significant undertaking, but it is numbers. I mean, 
it just depends on how many production capabilities you have 
and how fast you can get people enrolled and deployed. But that 
would take a long time.
    Mr. Bilbray. Can I jump in?
    Mr. Stager, you were right. The point is it is the forgery.
    When is the last time you showed your Social Security card?
    Mr. Stager. I believe it was in 1976.
    Mr. Bilbray. 1976.
    The reason why the card does not have--isn't abused very 
often is because nobody really asks for them any more because 
they are not worth the paper they are written on. So we go by 
an honor system on it.
    So in all fairness, we do admit that to say: ``Well, the 
abuse is in use of the number, not the card,'' kind of misses. 
It needs to point out that the reason why it's the number is 
because the card is so--has such lack of validity that even the 
employers that are required technically to see the card just 
take a number.
    Mr. Stager. We would agree entirely.
    Mr. Towns. Reclaiming my time--go ahead.
    Mr. Stager. We would agree that the current situation is 
that the card is easily counterfeited. It has no real purpose 
for validity. There is no training available.
    We reviewed the 54 different versions of it that are 
outstanding of it today and the fastest way to increase 
security of citizens is to focus on on-line verification of 
information. But we also agree that significant security 
upgrades, as identified in our document, should be made.
    Mr. Towns. It's interesting we are having this discussion. 
Just 2 weeks ago on the floor of the House, Members of Congress 
were just talking about Social Security. And we asked a 
question, when is the last time you had a Social Security card. 
And one guy said 31 years since he's had a card. He knows his 
number and that's all that matters. You know, he just gives a 
number and that's it. And the other one said 22 years since 
he's had a card. And they asked me, and I said I don't 
remember.
    So I think that sort of makes the point that if this is 
something that we begin to emphasize and stress, and we really 
are talking about security here, then I think that we could 
view this very differently, because, like you said, there is no 
question about it.
    If there is anything that you think that we can do here? I 
want to ask very quickly before I yield to my colleague, what 
do you think Congress should do? Starting right down the line--
other than leave you alone.
    Ms. Alsbrooks. No. I don't think you should do that at all. 
I think what you are doing here is a great thing for you to 
become educated on some of the details of the issues so that 
you can formulate policies that really benefit the taxpayer is 
a great start.
    Mr. Towns. Mr. Pattinson.
    Mr. Pattinson. The question of Social Security cards is a 
challenging one. The life expectancy of that card is the life 
expectancy of the citizen.
    So in putting any technologies together, I don't think any 
of us have technologies that we would put on the table today 
that would say would last that length of time. Certainly we 
have technologies that can last certain spans of time and we--
--
    Mr. Towns. How long can you have technology can last for 
how many years now?
    Mr. Pattinson. We know that chip technologies, plastic 
technologies we can make them for 10 years as we do in 
passports and driver's licenses as we do today. Those cards--we 
can look at different technologies, perhaps we can extend them 
for longer.
    But essentially looking for 50, 60-plus years for life span 
of a credential is a great challenge to our industry, and what 
you can ask us to do is: to look at what are the appropriate 
technologies, be them physical features that can be embedded in 
a card that will add value to that secure credential so that a 
citizen can present that at any time and it can be a trusted 
credential; and I think today that is a good question for your 
committee to ask industry and challenge us with.
    Mr. Towns. Thank you.
    Mr. Stager. To answer some of the same questions.
    The Document Security Alliance recommends a 5-year validity 
period more because the challenges that the cards have to 
resist in terms of attacks have to keep up with the 
technologies employed. So the technology is constantly 
changing. The security features are constantly changing, and 
you want to constantly inject the newest and latest technology 
into the security cards and enable some of these new 
capabilities.
    In terms of what can be done, one of the biggest resources 
or one of the biggest questions we see from the States is can 
you help us with the funding, the resources to help us address 
the REAL ID requirements? Can you help us with upgrading the 
security of our credentials? And most importantly, if you do 
that, how are you enabling the Homeland Security at checkpoint, 
TSA checkpoints, to actually authenticate it using some of the 
machine readable features that are being deployed.
    Those are some of the steps that we believe could help 
increase security dramatically and quickly.
    Mr. Towns. Right.
    I yield.
    Mr. Bilbray. Let me go back.
    Your 10-year projection or 5-year projection of life span, 
that is based on it being on your person during that period?
    Ms. Alsbrooks. Yes, sir.
    Mr. Bilbray. What would be the life--I am just getting back 
to this because I think we are mixing apples and oranges here.
    There is a different here between the ID driver's license/
border crossing card as opposed to the way the chairman has 
used his lack of a Social Security card for the last--if it was 
used, basically put in a file, sat there until we changed jobs, 
what is the life expectancy there? The data, as far as I know, 
like CDs, they last for hundreds of years.
    Ms. Alsbrooks. We haven't done any studies to that effect, 
but it logically follows that if it sat in a file, it would 
last longer than you or I.
    Mr. Bilbray. Staff informed me like how many million do we 
reissue each year? 20 million at 5 cents each. Maybe you and I, 
Mr. Chairman, can be the big fiscal conservatives and be 
proposing that we just stop the silliness of issuing Social 
Security cards, that we should issue the number electronically 
and save the taxpayer and quit playing this sham of--as if this 
is some kind of a breeder document. The number is a breeder--a 
number.
    And I think that's what we need to clarify, is the fact 
that I would almost challenge anybody now of saying what good 
is the American taxpayer getting out of this expenditure for 
the 1930 technology out there, and does it really do any good 
for you.
    I am like you, I can't even remember--I think I signed up 
as a lifeguard in 1970 was the last time I showed my document, 
and I have been employed by government agencies ever since. So 
it just tells you how little it is done.
    Let me just say first of all, the issue of Mr.--Mrs. 
Alsbrooks, has the optical strip been evaluated by a government 
entity?
    Ms. Alsbrooks. Yes, sir. Several. None that I could tell 
you here in a public forum, but I will be happy to tell you 
after the----
    Mr. Bilbray. OK. Do you have any examples of cards that are 
being counterfeited?
    Ms. Alsbrooks. I have.
    Mr. Bilbray. Can you give us examples of those kind of fake 
systems?
    Ms. Alsbrooks. Absolutely. I have cards with me that are 
attempts at counterfeiting the optical memory stripe, and I 
think when you examine them, you'll see that they are poor 
attempts.
    And I have also counterfeits with me that would be a real 
challenge for even trained inspectors to differentiate between 
the fraud and the real card, and I will be happy to show those 
to you as well.
    Mr. Bilbray. Mr. Stager, I understand that your company is 
part of the Digital Watermark Alliance. As far as the Federal 
credentialing program is concerned, what kind of security 
benefits are gained with the inclusion of the digital 
watermarks?
    Mr. Stager. To answer that question I will have to put my 
company hat on as opposed to my Document Security Alliance hat. 
So I will do so.
    The digital watermark capabilities allow for the 
authentication of documents using machine readable scanners, 
handheld devices using a covert set of signaling technology 
that is embedded in the card. It will be in about half the 
driver's licenses issued next year. It is in about 50 million 
driver's licenses already today. So it is another layer of 
machine readable technology, laser authenticated, as well as 
tie various elements of the document together: the photograph 
along with the data, the variable data print on the card, and 
if you have a chip on the card or a bar code, it helps tie that 
with the digital data contained in that.
    So it really acts as an integrity feature as well as an 
authentication step.
    Mr. Bilbray. Thank you.
    Congressional Daily reported that there's been significant 
delays in the TWIC programs, that DHS is missing deadlines at 
issuing the cards, but also the fact there are no readers out 
there, and then there is the issue of can the chips be broken, 
fried, how they get into it.
    Otherwise, are these readable and are they secure without 
the readers and if the chips get fried and that sort of thing?
    Mr. Pattinson. The chip program has been going for many 
years, and I think it is successful to DHS that they are now 
issuing those chip cards to help protect our ports.
    The chip technology in there has been based on the Federal 
FIPS 201 standard based out of HSPD-12. The credential 
contained in them has been secured with the chip as well as on 
the surface of the card.
    The extension that the TWIC program took to secure the 
communications of that credential of the wireless side has been 
a tremendous addition to that program. I think seeing that 
TWICs now are being issued and are securing the ports is a 
great thing.
    As far as the security elements that you are concerned 
there, if any element of the card or the chip is compromised, 
you have to fall back on your next level of security. So if you 
had the chip would be compromised or the card would be damaged, 
one of the other security features has to be present for you to 
fall back on to still authenticate the card. Ultimately you are 
going back to back-in system to verify that this is the 
credential that person should be presenting and should be 
accessing a device or service.
    It is many layers. It is not just a question if a chip is 
broken or a card is damaged.
    Mr. Bilbray. That's essential.
    One thing I learned when I was running jails or building 
jails you always wanted to have multiple barriers so that while 
they may break through one or two, the third one will always 
catch them, and the same thing with security.
    Mr. Chairman, I want to thank the panel for being here. I 
want to thank you for holding the hearing, and the sad part 
about it there are questions I have about our national security 
about IDs, but if it is any indication of where I think we 
haven't done our due diligence as a nation and the 
administration hasn't done their due diligence as an 
administration, there are questions and concerns that I have 
about securing different facilities in this city and around the 
country that I cannot ask in public because I think it would 
compromise security if the facts of the situation were put out 
to the public.
    So I look forward to working with you, and I am very 
honored to be able to serve as your ranking member on this 
committee.
    Mr. Towns. Thank you very much. I appreciate your kind 
words.
    Mr. Pattinson, you don't like the RFID cards.
    You heard the last panel. I mean, they say the convenience 
offsets the privacy concerns. You know, how do you respond to 
that?
    Mr. Pattinson. Well, Chairman Towns, I think we have to 
look at the technology of RFID for what it is good for. And, 
for what it is good for is revolutionizing the supply chain 
tracking industry, and I think the good things that it is doing 
there in implementing supply chain efficiencies are 
outstanding. And that is a very good application of that 
technology.
    What concerns me is its simplicity. I think it is a very 
small electronic device that is capable of doing one thing, and 
that is when it is stimulated transmitting a unique number. A 
unique number stays the same every time it is stimulated.
    On that basis, applying it to the use of human 
identification to me is a concern. There is now another number 
that can be associated with an individual. So that has ongoing 
privacy issues.
    But more importantly than the privacy issues here--and they 
are important--that even though they exist, there is security 
issues. This technology is extremely weak in its feature of its 
security. It has no operating system. It has no security 
features that can determine that the document or the device is 
authentic. It cannot perform any of the features that other 
sophisticated chip technologies can perform.
    So an RFID device being used in a human identification 
situation is alarming in the basis that it has vulnerabilities. 
People can now potentially create copies of these devises. They 
can clone them. They can try and masquerade under somebody 
else's unique number. These devices are insecure in the form 
of--of testing that is the original document that was issued to 
the particular individual.
    So RFID on its own I think is inappropriate in the 
situation.
    And DHS has done a lot of effort to look at the document 
and to look at the RFID to put a sleeve around the device. Now 
putting a sleeve around the device to me is a recognition of a 
failure of technology. To have a sleeve around a device that's 
got RF capability to me is unfortunately a recognition that 
there is something wrong with--why they have to put the sleeve 
there in the first place.
    Smart card technology as used in all of the PIV programs, 
HSPD-12s, the electronic process, they didn't have sleeves. 
This technology is such that it does not require to be 
protected from illicit stimulation. You have to have protocols 
and procedures that will wake up the chips appropriately, and 
the chip will perform a secure operation with its communicating 
reader and perform a secure transmission of the information.
    RFID technology has none of that capability. It has only 
the ability to transmit a single number.
    Mr. Towns. You don't like it?
    Mr. Pattinson. Yes. In this application.
    Mr. Towns. I understand the application of smart cards with 
chips if you have the readers. But are you going to ask every 
small business, every police officer, every bank branch to 
install a reader?
    Mr. Pattinson. I think it's a question of if you create a 
credential that can be trusted, that includes electronic 
technology for authentication of an individual, and you put it 
out there, people will start to adopt it. You don't have to 
mandate or enforce that all of those entities that you just 
described has to buy those things. It is entirely optional that 
they would, but I think to see the benefits when they did 
install that, they would have a higher level of assurance that 
they could determine that this was an authentic document and it 
belonged to the person who was presenting it.
    And on that basis, they have a much higher assurance that 
this isn't somebody who was trying to perform an identity 
theft.
    Mr. Bilbray. Like the swipe card with the Visa where they 
went away with the imprint?
    Mr. Pattinson. You mean the PayPass and the various ones 
from Master Card and Visa today?
    Mr. Bilbray. Yes.
    Mr. Pattinson. They are banking industry's recognition of 
convenience of providing a radio-frequency based 
communications, secure communication between the card and the 
reader for convenience at the transaction point.
    Mr. Bilbray. But that has happened in the last 20 years. 
Almost all businesses now have slide card technology?
    Mr. Pattinson. You mean just----
    Mr. Bilbray. I mean just for credit cards.
    Mr. Towns. Mrs. Alsbrooks, I have to ask you, will you 
respond?
    Ms. Alsbrooks. Our experience with reader deployments has 
been that they don't materialize as rapidly as we would like to 
see and you know, you mentioned earlier that the TWIC program 
has been going for quite a while. There have been difficulties 
with the readers that they have chosen for various reasons. 
They will be deploying the readers, and they are studying them 
now.
    But as of now, the TWIC cards are what we refer to as Flash 
Passes because the readers are not out there to verify them in 
all of the ports.
    As you see, I keep hammering on the issue of a Flash Pass. 
You know we--all of our machine readable technology as well as 
secure physical technology, we incorporate either RFID chips in 
our cards or contact chips in our cards.
    Our Saudi National ID program is in partnership with Mr. 
Pattinson's company, Gemalto, and I have one of my chips on my 
Saudi card with an optical technology.
    But inevitably, reader technology can be disrupted. The 
power can go out. You can fry the chip. You can break a chip.
    This is my very own contact card, common access card. If I 
take my fingernail like that and do that, that chip is dead. It 
is never going to work again.
    And then I have a Flash Pass. And this card has some 
significant problems in terms of document security. I could 
take the hologram off, I could wipe it clean with fingernail 
polish remover and put my own picture on it, and I can 
demonstrate some of that to you later.
    Ultimately, I think the best secure card will incorporate 
both the highest level of security of machine readable 
technology but will also continue to use technologies that have 
been proven to be very reliable for document security.
    You will be able to look at the cards and know that, one, 
it was issued by the U.S. Government. It wasn't manufactured in 
someone's garage or by a drug gang, and you will be able to 
look at the photograph and biographical information in the 
stripe and know that the front of the card has not been 
tampered with, that this photo matches this photo and this 
information matches this information. And that, today, we 
believe is the most secure Flash Pass you can get.
    Mr. Towns. Let me thank all three of you for your 
testimony. You have been very, very helpful in terms of--I 
really want to thank you for that and to say that we look 
forward to working with you in the days and months ahead to see 
in terms of how we might be able to solve some of the problems 
that we are encountering, because there are some problems as 
you would readily admit, I am sure. It is going to require 
working together to be able to bring about the solution, and we 
look forward to doing that.
    Thank you so much for coming. We really appreciate your 
testimony. The hearing is adjourned.
    [Whereupon, at 4 p.m., the subcommittee was adjourned.]

                                 
