ITAA: Tech-neutral mindset suits DHS travel program

The House and Senate have agreed not to mandate a specific standard for the Western Hemisphere Travel Initiative.

Congressional leaders chose wisely when they avoided mandating specific technologies for use in the Homeland Security Department's Western Hemisphere Travel Initiative, according to the Information Technology Association of America, an industry lobbying group.

The program is intended to make it easier for frequent travelers to cross between the United States and other locations in the Western Hemisphere. One frequently discussed solution might involve radio frequency identification (RFID) tags and related technology to speed the processing of travel documents.

But ITAA officials said lawmakers should not specify RFID or any other technology, as they almost did when writing the 2007 Homeland Security Appropriations Act, which passed last week. An earlier version of the bill would have required the travel card on ISO 4443, an interoperability standard for smart cards and card readers defined by the International Organization for Standardization.

"Choosing the solution before asking industry for proposals is putting the cart before the horse, and we are pleased Congress has recognized that," said Phil Bond, ITAA president and chief executive officer, in a statement published Sept. 30.

According to ITAA, the original technical specification for the travel initiative was part of a July amendment to the DHS appropriations bill. ITAA said a problem with the ISO standard is that it applies only to RFID products operating at 13.56 MHz, which would have shrunk the field of available solutions dramatically.

"By including this requirement, Congress would be effectively using legislation to engineer an identity management system," ITAA officials wrote in a July 24 letter to congressional leaders.

In a conference report filed Friday, House and Senate leaders opted for less specific language. Instead of picking a standard, the report states only that DHS should select an architecture that "meets or exceeds" ISO security standards and the "best available practices for protection of personal identification documents."

"For government, the key to getting its hands on the best technology available is to establish performance-based requirements and then ask industry for the best solution," Bond said.