 |
 |
 |
 |
December 2006 • Volume 11 Number 12
|
 |
|
Executive Director's Letter
Let me begin by sharing my sincere wishes for a wonderful holiday season, and a Merry Christmas, Happy Hanukkah, and a Happy New Year to everyone of our readers from around the globe. This is the time of year that I reflect on personal and professional riches that I have experienced in my role as the Executive Director of the Smart Card Alliance. I went back through the full year’s issues of Smart Card Talk and was amazed at the sum of all that we have accomplished as an organization. After years of starts and stops, often with one part of the industry declining while another part is advancing, this year was the first year I can remember when everything about the smart card industry seems to accelerating equally, like a well-tuned engine running on all its cylinders. Let's all hope that there is still plenty of fuel left in the tank for next year and beyond. The year began with nearly every industry council delivering new projects at once. We had the Smart Cards in Parking paper, the Top 10 Hot Identity Topics, and Contactless Payments: The New Era in Payments for Merchants, the first of many new reports on this subject. Shortly after these publications were released, the Smart Card Applications in the U.S. Healthcare Industry report was published. We took the RSA Security Conference 2006 by storm in February with the expanded Smart Card Pavilion and a smart card tutorial by our Educational Institute, and listened attentively as Bill Gates and Microsoft declared that user names and passwords would soon be replaced by smart cards and smart tokens. As winter turned to early spring, our Physical Access Council was deeply engaged with our government partners and staring at the looming October 27, 2006 deadline for the government’s compliance with the HSPD-12 directive and issuance of smart card IDs using the new FIPS 201 standard. The debates and revelations about new government ID cards and new electronic passports came to a peak right at the time of the Alliance’s 5th Annual Smart Cards in Government Conference in April. The event drew a record crowd and featured three days of interesting discussions and demonstrations of the significant progress the smart card industry had made since the previous year. We also heard government leaders talk in detail about the Western Hemisphere Traveler Initiative (WHTI) passport card, the DHS First Responder Authentication Credential (FRAC), and a new standardization effort for the Registered Traveler program. As the cherry blossoms were blooming in Washington, the long delayed Transportation Worker Identification Credential (TWIC) program came back to life under the TSA and U.S. Coast Guard. The summer heated up with some serious media assaults on contactless smart card technology. First came the ABC News 20/20 piece that talked about weak security in RFID Speedpass tokens and made the leap that the same technology and security flaws will exist in passports and payment cards, putting everyone at risk. Adding to the media’s confusion was a draft report (released but since recalled) by a subcommittee within the Department of Homeland Security Data Privacy and Integrity Advisory Committee who boldly recommended that DHS “disfavor” all forms of RFID technology based on some ill-informed conclusions about contactless chips and other forms of RFID technology. The RFID hype hit its peak (or so we thought) in August when a German researcher claimed that he was able to clone his German passport using some cheap parts he could get from Radio Shack and claimed that everyone’s traveler identity was at risk. Little did he think that making an electronic copy of the chip was the equivalent of photocopying the personal data page of the standard passport and that other layers of security would quickly reveal a fraudulent document. This report prompted several television interviews of me sweating under the bright lights defending the good name of contactless smart card technology – no more TV for me, please! The fall season began fairly quiet from a media standpoint, but it was anything but quiet for the smart card industry. Remember that deadline for HSPD-12? We started September in full planning mode for the 2006 Fall Annual Conference in San Diego and that meant lots of planning calls for the agenda, speakers and technology showcase. It is also the time of year when we select the OSCA Award winners, recognizing the year’s outstanding issuer (Department of State, Passport Services), supplier (Gemalto), and individual (Neville Pattinson of Gemalto) in North America. The three day Annual Conference showcased every market for smart cards in the U.S. -- payments, transit, Near Field Communication, identity, enterprise security, government, and healthcare -- plus some exciting international projects. The event may best be remembered, however, for our closing keynote speaker, Jim Woolsey, the former CIA Director, and his politically charged views on terrorism and its roots in history. The rest of October, November, and even December (yes, Christmas season is only one day on the calendar for the smart card industry) whisked by in a frenzy. While our Physical Access Council was promoting its Migration of PACS to Achieve FIPS 201 Compatibility paper to the government’s HSPD-12 audience, the vendors were busy getting their cards, readers and software approved by GSA and setting up shared services sites so that agencies could get their ID credentials issued on time. Meanwhile the Identity Council was challenging the WHTI program’s intent to use insecure, long range RFID technology over contactless smart card chips (as used in ePassports) and creating new charts and FAQs to educate legislators and the media about the security and privacy capabilities of “secure RF-enabled” cards. The Contactless Payments Council saw the most activity during this time as a result of another new media assault, this time on contactless payments cards. The assault started with a New York Times article covering a University of Massachusetts lab report on contactless payment. Promoted by the group’s quest for publicity, this coverage led to the inaccurate conclusion,that all 17 million PayPass, ExpressPay, and Visa contactless cards issued in the U.S. were at risk from identity thieves bent on theft and fraud. A detailed Contactless Payments Security Statement and Frequently Asked Questions document released by the Smart Card Alliance within a few days of the report were not enough to avoid further television news programs ripe for controversy about payments security during the busy shopping season. They chose to report what was being done in labs, while ignoring all of the other security layers of the contactless payments networks that exist in the real world. And so you have it. An abbreviated but still impressive summary of 2006. I didn’t even have a chance to talk about the vastly improved new web site, or the Smart Card Career Center, or the Latin America Chapter, or the names of the nearly 50 new members of the Smart Card Alliance community that joined this year. (We are at 165 members now.) I will have to save that for my January newsletter. In conclusion, let me thank the Smart Card Alliance staff, contractors, partner organizations, and especially our members for helping make 2006 a fantastic year. I look forward with great anticipation to 2007. I will share with you in the next issue some of the new and exciting things we have planned for the year. In the meantime, mark down the date for the 6th Annual Smart Cards in Government Conference, April 10 – 13, 2007, at the Ronald Reagan International Trade Center in Washington, DC. Details will be available soon – maybe in your Christmas stockings!
|
|
