The Personal Identity Verification Project

Not many people noticed when President George Bush passed Homeland Security President Directive 12 on August 27th. The HSPD gave the Secretary of Commerce a 6-month deadline to developing a federal standard for identifying federal employees that (a) is issued based on sound criteria for verifying an individual employee’s identity; (b) is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation; (c) can be rapidly authenticated electronically; and (d) is issued only by providers whose reliability has been established by an official accreditation process.

Most observers feel that this is a call for a federal biometric standard. In six months that standard will be applied to federal employees. Many privacy experts fear that what is a standard for federal employees today could easily become a standard for the whole country tomorrow.

To this end, the National Institute of Standards and Technology Computer Security Division has created the Personal Identity Verification Project. They are rapidly developing Federal Information Processing Standard 201 which will be the federal identity standard. it will probably be a biometric, and it will probably be fingerprints.

NIST is hosting a closed PIV Government Workshop on October 6th and a public workshop on October 7th. Right now it seems that the only people there are going to be vendors trying to sell their wares. Hopefully some people will go who care about privacy as well.