Battle-tested tech: security and data mining

Smart cards go through basic training on the battlefield

The wars in Afghanistan and Iraq have been a proving ground for the deployment of security technology, allowing the military to push the boundaries of technologies created for the enterprise. The Department of Defense is now a hothouse of activity as it focuses on a massive smart-card deployment aiming to issue 4.3 million cards in the coming months. At the same time, the department's TIA (Terrorism Information Awareness) project is bringing together scores of research and commercial companies to develop new collaborative privacy and security applications.

Smart cards get smarter

The Defense Department's ambitious CAC (Common Access Card) project started in small pilot programs in 2000. In one such program in Hawaii, the Army successfully tested the cards for deployment readiness by having soldiers insert the card into a reader, which verified personal, medical, and financial records. CAC's relevance in a time of heightened security has focused industrywide attention on what has become the largest smart-card implementation of its kind.

Using existing smart-card infrastructure, the cards were made available at 90 sites, says Mary Dixon, director of the Defense Department's Access Card Office, an Army office charged with spearheading the smart-card program. The cards became the basis for an integrated authentication and access device that incorporated a PKI (Public Key Infrastructure) system for digital certificates to verify and authenticate the user for business transactions and email use.

The cards include a chip with 32K of memory and open standards based on Sun's Java Card to encourage multiple vendors and users. Java programmable, multiapplication smart cards can be configured to provide additional complex services beyond the PKI application. Bar codes and magnetic stripes were included to take advantage of legacy systems.

Previously segregated databases that organized military groups were unified, and systems were designed to determine levels of access for users. The project integrated the department's Defense Manpower Data Center database system, which holds more than 23 million records, into two redundant Sun ONE/Oracle powered datacenters, putting together an enormous database that can deal with more than 1.3 million queries and more than 250,000 updates a day.

The cards use a government interoperability standard that allows multiple vendors to provide card readers, software, and middleware. Data is being unified from more than 75 disconnected military systems worldwide.

Mobilization for Iraq pushed the Defense Department to roll out the smart card quickly, Dixon says. "We had to issue a lot of cards in a very short period of time."

As a battlefield identity device, the card appears to have passed with flying colors, experts say. Every soldier mobilized for the war received a smart card with PKI capability that authorized them to receive weapons, detailed their financial and medical records, and recorded their transportation routines for logistical purposes. At the highest security levels, battlefield leaders used the cards to access encrypted email and communications within secure networks, says Neville Pattinson, Schlumberger director of business development and technology for smart ID cards.

In the coming weeks, the department will examine smart cards of returning military personnel to see how the cards held up, says Dixon. The opportunity to check cards that had been taken into the field is just one example of how the war has stimulated advancement of the smart card program. "The war was a natural experiment where we can see how it held up or fell apart," Dixon says.

The use of interoperability on such a massive scale and the integration of databases, middleware, and other system components are benchmarks for identification technology development, says Prianka Chopra, a smart card analyst at the research and consulting company Frost & Sullivan in San Jose, Calif. "The project is setting an example for the industry," he says.

Deep thinking about data sharing

Whereas the Defense Department is moving ahead to put as much information as possible about military personnel on a card, the department's TIA, designed to gather information on the general population, is bringing together a wide array of research muscle to accelerate identification and privacy technologies.

Jan Walker, a spokeswoman at DARPA (Defense Advanced Research Projects Agency), which oversees TIA, says the program is developing technology along three lines: advanced collaborative and decision-support tools; language translation technologies; and data-search, pattern-recognition, and privacy-protection technologies.

TIA is developing technologies that may have business uses. "One of the things the National Security Administration needs to do is go through a lot of information to enable decision makers to make decisions," Walker says. "This happens in business as well when companies have multiple locations and decision makers need access to better information."

The Defense Department's attempt to create new systems to gather and parse information has its critics, including civil liberties groups like the Electronic Privacy Information Center, a nonprofit public interest group in Washington that believes TIA can potentially amass unfettered power over individual lives by having access to private information.

Walker denies any improper intentions, citing the mission statement that says TIA is not an attempt to build a supercomputer "to snoop into private lives or track everyday activities of American citizens."

Groove Networks has been publicly associated with TIA on collaborative, p-to-p projects, but Walker declines to list the names of other companies associated with TIA.

DARPA is using Groove technology in its TIA project to allow disparate users to conduct national threat assessment, says Michael Helfrich, Groove vice president of applied technology.

In addition, during the Iraq War, Groove's Workspace collaboration software enabled military and non-governmental organizations in the field to work together and create reports on infrastructure damage, replacing time-consuming, paper-based reporting.

A list of DARPA partners in the TIA project obtained under a Freedom of Information Act request and published by the Electronic Privacy Information Center shows DARPA is working on projects at the heart of cutting-edge technologies in collaboration, data integration, and privacy.

For example, PARC (Palo Alto Research Center) is engaged in a TIA project called "Protecting Privacy of Individuals in Terrorist Tracking Applications." Raytheon, in Lexington, Mass., is involved in research entitled "National Collaborative Environment Prototyping Architecture." AlgoTek, in Arlington, Va., is pursuing "Novel Mathematical and Computational Approaches to Exploitation of Massive Non-physical Data." And Austin, Texas-based Cycorp is involved in something simply called "Terrorism Knowledge Base."

There's little doubt that these research partners will produce mainstream spin-offs for their research projects or that smart card technology advances by the military will have commercial value. "[The Defense Department] is providing a wealth of products that will trickle down into commercial industry for use because there is less need to go through the kind of investigation that the military conducted," says Randy Vanderhoof, executive director of the Smart Card Alliance.


Copyright © 2003 IDG Communications, Inc.