United States Department of Defense United States Department of Defense

News Transcript

Press Operations Bookmark and Share

Transcript


DoD News Briefing - Under Secretary of Defense Bernard Rostker

Presenter: Under Secretary of Defense Bernard Rostker
October 10, 2000 1:30 PM EDT

(Special briefing on the Department of Defense common access card. Also participating were Rear Adm. Craig Quigley, deputy assistant secretary of Defense, public affairs; Paul Brubaker, deputy chief information officer; Ken Scheflen, director, Defense Manpower Data Center; and Mary Dixon, director, Access Card Office.)

Quigley: Good afternoon, ladies and gentlemen. We're going to break up this afternoon's press briefing into two parts.

The first part here, we're pleased to have with us Dr. Bernard Rostker, the undersecretary of Defense for Personnel and Readiness; Mr. Paul Brubaker, the deputy chief information officer; Mr. Ken Scheflen, the director for the Defense Manpower Data Center; and Mary Dixon, director of the Access Card Office.

They are here with us today to introduce the common access card. This will replace the current uniform services ID card and is based "smart card" technology.

I'll turn this over now to Dr. Rostker, and then I will follow up after this presentation with some additional announcements and to take your questions on other topics.

Sir?

Rostker: Craig usually tells us to take off our badges, but today I particularly have my badge on. This is the new smart card or common access card that we will start issuing throughout the Department of Defense. This card will go to all of our active-duty, Reserve; for the first time, civilians; and selected contractors. And it is a card that puts us in the forefront of e-commerce and security, with the advent of not only the standard bar coding and magnetic strips, but for the first time a smart chip.

We'll be using this card for access to buildings, to computer systems, and eventually it has the capability of facilitating electronic commerce, allowances, mess hall accesses, and the like. And you'll start to see these cards appearing over the next months and several years. We'll be using these cards where -- this is an enabling technology at this point -- issuing the cards so that as the applications come online, we will have the wherewithal to allow our personnel to gain access to the various systems.

Now I'm joined here by Mr. Paul Brubaker, who can talk to the information contents of these cards. Paul?

Brubaker: Thanks, Bernie.

Bernie covered a lot of the basics of what the common access card brings us as an enterprise. But let me just say that the common access card and its role in our public key infrastructure [PKI] are critical to the successful implementation of many key programs that we have here in the world of DoD and service technology.

One of the most important issues that we faced over the past few years has been improving the security of our information systems across our DoD enterprise. One of the things that this will enable us to do -- the "smart card" -- will give us the capability to digitally sign documents, transactions and orders, and a lot of other implements that we use to do business here in the department.

The common access card will hold digital certificates, which are a cornerstone of our defense in-depth strategy. In other words, the deployment of the common access card moves us one step closer to a significant milestone in securing our networks, which Bernie mentioned earlier. The common access card is going to strongly validate the identity of the cardholder, who will then be given access to a number of services across the department to which he or she is entitled. These certificates also add capabilities to encrypt and thus privately exchange sensitive information over our open networks, such as the NIPRNET [Unclassified but Sensitive Internet Protocol Router Network]. And I can go into more detail on this later during questions and answers.

The primary distinguishing feature of the common access card, or in other words, what makes this card smart, is the integrated circuit chip -- this little thing right here which you can see on the display. I view this chip as a small computer without a monitor or a power supply. A smart-card reader will provide the power to read the data that's on this integrated circuit and provide an automated interface between the chip and other computer systems. The chip has the capability to read, write and perform various functions and operations on several thousands bytes of information. The common access card will also be the principal card used to enable physical access to the department's buildings and controlled spaces, and will be used to gain access to the department's computer networks and systems.

It will allow Defense employees to digitally sign documents, which I mentioned earlier, thereby resolving the major impediment to achieving our e-business and paperless contract goals.

The common access card will have two bar codes to support technologies previously implemented in the department. It will also have a magnetic stripe, primarily to support physical access to our facilities.

The information that will be stored on this card falls into a few general categories. First of all is identification. Secondly is demographics, benefits, physical security and card management. The chip will store certificates that enable the cardholder to digitally sign documents such as e-mail, encrypt information, and establish secure web sessions to access and update information via the Internet.

We've taken extensive measures to protect individual privacy with this technology. In fact, we expect the common access card to enhance individual privacy in the department as paper-based systems are replaced by computer-based systems.

The technology is not entirely new to the department. Since 1993, the department has been conducting evaluations on multi-technology cards. The results have clearly shown that when coupled with business process reengineering, these technologies save time, free money for use on other requirements, and improve the quality of life for our people and enhance our mission capability.

This particular card is going to be a significant step toward the revolution in business affairs that you've all heard so much about. One of the key capabilities of this card is in supporting multiple technologies and many applications on a single platform. It's important to note that we're going to have department-wide applications and local or command-specific applications that are supported by this card.

Now, having said all that, we're now open to answer any questions that you may have.

Q: Who will get the contract to build and manage the card?

Brubaker: I believe it's EDS. Right? Go ahead. Mary Dixon.

Dixon: The initial card was that -- the issuance process, the software that was done to develop that was a combined effort of a number of people, both EDS, ActivCard, some of the card manufacturers and a number of other people. But as we follow along and purchase the bulk of the cards that we're going to be needing over the next two years, we will do that through the GSA contract, which has the smart card contract for the entire federal government. And so that will be competed among the five prime vendors that have won that contact, and we will get the cards through whatever card vendor is able to meet our specifications.

Q: How much will it cost to buy all the cards that you need?

Dixon: Right now we're estimating the cards will cost approximately $8 apiece, and about 3.4 to 4 million cards. But that will be a continuing -- you know, once they're issued, that's not the end because we have 400,000 accession every year, so there will be people leaving and people coming on board. So it will be about 4 million initial issuance and then about a million a year after that.

Q: If people lose these or they're stolen, what kind of controls are on them so that they couldn't be copied or used to gain unauthorized access?

Rostker: PIN [personal identification number] controls. There's some information that you have to provide at the time of accession to provide access. Just having the card would not be sufficient to gain access.

Q: Would people who gained access to the card be able to gain personnel information from it?

Rostker: No. All of the information is encrypted. And so you would have to have the appropriate software and hardware to interface the cards. But the information on the chip is heavily encrypted.

Q: Two questions. Can you tell us a little bit more about the sort of other end, the reader end? In other words -- you know, in the various applications, especially, like, access to computer systems? Do you have to -- I'm just not clear -- to install readers at various computer points? And my other quick question is, the electronic dog tag for active duty, does this replace the electronic dog tag?

Rostker: No.

Q: Okay.

Rostker: The electronic dog tag is still in the development stage. There have been some discussions, but -- of using this, but we have not resolved that. And so that remains an open issue. Let me talk about non-computer applications, okay? Everything from entering the building today.

You all have around your necks building passes. Eventually you would use this to enter buildings. It allows us, for example, to put charges, your allowances that could be debited from the card as you go through mess lines, for example. We intend this to be an open architecture so that we would experience a myriad of uses that we can't even see today. What is clear is the integration of this, which was tested, for example, by the Navy -- a smart card -- with the whole move towards public key infrastructure and the requirement for every person who has access to our computer systems to use that technology. And that's all integrated now into a single device. And let me turn that over to Paul again for the computer part.

Brubaker: It's important to understand, too, that the card will limit access to certain individuals. In other words, you may have access to certain buildings in the national capital region and not others. The magnetic stripe will be able to tell the system that as you swipe and log in. It'll either let you in it or won't let you in. The same is true of the computer systems. As you use the integrated circuit, your certificates will be on here. So if you're entitled to access certain types of information or certain applications, you will be -- this card, the certificate on this card will enable you to do that. It will limit your access to -- or will not allow you access to applications and systems that you're not entitled to access.

Q: But I guess what I'm just not understanding, I'm sorry, is, like, physically do you have to now go and install readers on --

Rostker: Yes. Yes. Yeah. For example, your desk computer would in the future have a reader that the card would be placed into, and that is your key to allow you to use the government computer.

Q: And as military people move around, then, do you turn your card in when there has to be any change to it, or -- how does it get adapted --

Brubaker: Your card can get reconfigured.

Rostker: You would turn the card in. The card is designed to have a life of three years. So at the end of three years you would be issued a new card, and your certificates would be updated. In the interim, changes can be made to the card.

One of the features -- this is a read-write, not just a read only capability on the chip. And one of the features is encryption. So that as you are using the card, as information is placed on the card, that information is heavily encrypted. And these will -- the encryption will be certified by the appropriate agencies, by the National Security Agency for us.

Q: Is there any battlefield condition -- cold weather, hot weather, desert -- anything in which this would not work?

Rostker: We don't believe so. But that's one of the -- this is still a (beta ?) test as we move out. So we'll learn things about the life of the card.

I think you know that in the private sector we're starting to see smart cards also, in -- American Express, I think, was the first. And I know MasterCard and Visa are soon to follow. So this is the technology that will be available in the future.

Q: What's the cost for the follow-on infrastructure of the readers?

Rostker: I don't have --

(To staff) Do we have a figure for that?

Q: (Off mike) -- is it going to be every DoD computer, every PC, every laptop?

Rostker: Yes. Eventually.

Dixon: Yes. Well, it depends, because if you purchase a new computer, you can today have a smart card reader installed as part of the, you know, the normal configuration of that computer, in which case you're talking about maybe a couple of dollars that it would cost. If you have to buy a reader because your computer currently doesn't have that, then the cost of the readers vary from anywhere from $20 to up to, if you're buying it installed with a keyboard, up to $250. So that depends upon how you want to use the card.

Q: And there are more computers than there are people here. I know a lot of people have several on their desks. So how many --

Dixon: But a lot of people don't have any computers. So I think that the estimate that they did for PKI, when they were estimating the cost of the readers, which is already in their budget, to buy readers for those computers, is about $3 million.

Brubaker: If we plan this right -- and I anticipate that we will -- chances are as we go through this, the typical refresh of technology, I know -- I recognize some of you from the NMCI [Navy-Marine Corps Intranet] news conference -- as they field that technology, they'll field smart card readers in the new PCs that land on folks' desks. So the infrastructure tail, if you will, should not be that significant if we plan the deployment right.

Rostker: Let me also say that don't look for tomorrow morning to expect us to have the PKI infrastructure throughout the department. I was told this morning, for example, that that date is years in the future, "years" being three, four years in the future before the entire department is fully configured to exercise the PKI infrastructure.

This is the first step, is having a reader and nothing to put through it. They use -- at this point, duplicate the current ID technology, and it gives us the expansion to ensure that we can produce the cards in a timely fashion, we can control them, we understand their vulnerability to the wear and tear with our folks, and that they will be here for the future as we implement the technologies.

Q: Can we quote the secretary -- (off mike) -- for government and State Department? Are you all taking the lead on this whole thing?

(?): Yes.

Brubaker: In fact, I was just sitting back here thinking to myself, I just want to let all of you know that we're going to eat our own dog food here. My organization, the CIO [chief information officer] organization, is about to outsource its IT infrastructure, and one of the things that we put in the request for quotes was using smart-card technology according to our standard, and we are going to have that deployed probably within the next nine months or so.

(Cross talk.)

Q: By "we," who do you mean?

Brubaker: Oh, by "we"? It's actually --

Q: (Off mike.)

Brubaker: No, I mean the ASD C3I [assistant secretary of Defense for command, control, communications and intelligence] organization, and hopefully that's where -- it's Mr. Money's organization. He's the CIO of the department; I'm his deputy. We're going to beta test it there and then deploy it out to all of -- hopefully, deploy it out to all of OSD [Office of the Secretary of Defense] or make it a standard for all of OSD.

Q: Could you get into a little bit more of what information the card holder must supply so that you know that the card holder is really the card holder? Is it a password, or is it things that have been contemplated, like biometric, or could it be any of those things?

Dixon: When you're issued the card, you go to an issuing station, and the first thing they do is they check your -- whatever flash ID cards you have against what we call the DEERS [Defense Enrollment Eligibility Reporting System] database, which is the database that has in it all of our military, civilians - not the contractors yet -- people. And so they will verify against that database that you are -- against the picture that's in there, against the information that's in there, that you are who you say you are.

Q: Initially, I mean, when you're using -- accessing the computer --

Dixon: When you're using that, what they will do is they will use basically the PIN number, at this point, yes. There probably will be some discussion in later years about whether we use also a biometric or not, but at this point it will be, number one, the certificate that you had issued on your card, which is what's supposed to authenticate that you are who you say you are. There's a PKI certificate that was downloaded onto your card when you were issued your card.

Rostker: When I was issued this card, they also took an electronic reading of my fingerprint, okay? And so in the future, if that level of security is required on the net, just as you go up through the net to work the PKI, a verification of fingerprints could be an addition.

Now as far as any other information, it's basically the same information you would give in a descriptive way.

The front of my card looks a lot more blank than the picture that you see there, because there is further information that is required or the Geneva Convention, since this is the official ID card for active-duty personnel. So it will be tailored further.

But as part of the registration process, a verifiable fingerprint was taken, and the way it goes, you put your finger down, they take the fingerprint, then they verify that it's good fingerprint. And we even went back and put my hand down again. So we have that added --

Q: Would -- the readers on the computers, though, would have --

Rostker: No, but there are specific --

Q: Can I -- let me just --

Q: Go ahead.

Q: Let me ask -- (inaudible). It seems like what you're saying is that if you have a number, which I would call just the same as a password, and you have somebody else's card, then you're off to the races.

Rostker: Depending upon this particular application, but that is the minimum level of additional information.

Q: And a lot of people who worry about such things say that the password is that -- or pass number, whatever -- is the most vulnerable thing in the whole system. So isn't that sort of a problem?

Brubaker: It's -- you know, it's not -- this isn't designed to fix all of our security problems. But you've actually pointed out something that is accurate.

But let me just tell you what -- something that we're going to do within the C3I shop. We're going to test both smart card and biometrics. We're going to link them both. The technology's available to do this now. We want to test it to see how well it works, because ultimately you do want to get away from the password.

But right now, I mean, as a way to speed deployment and make it easy on as many people as possible, we thought that this would be the best way to do it. And we're talking about deploying this for the NIPRNET initially, which is our unclassified network.

Rostker: One of the things we were interested in, in the Army, when I was undersecretary of the Army, was biofeedback, and particularly continuous biofeedback, because just signing on to a computer network -- and then you could walk away from it, and you're signed on. And one of the things we were interested in, in the battlefield situation, is retina scans or other continuous feedback, so that if a position was overrun, if a node in a computer network -- tactical network was compromised, the system would close down. So there is work in doing that.

But for this, the primary is the PIN. Secondary could be verification of fingerprints, if we had a fingerprint reader. And of course, security would increase, depending upon the demands we place on the particular application.

(?): Mary, did you want to help clarify that?

Dixon: Yes. There's probably two things you need to understand. One is that, first of all, this is better than a password, because we're now at two factors. You have to have both the card and a PIN number. You can't get into your computer system with just the PIN.

Secondly, you should also know that the card is designed so that three -- more than three attempts to guess a PIN will invalidate the card, so it would then have to be -- you'd have to go back to the issuing station and have a new password, so that there is some additional security.

Q: What's the -- do I understand -- would this become -- is this going to become the universal U.S. government ID card, or is this just confined to the Department of Defense?

Rostker: At this point, just the Department of Defense.

Brubaker: There is a joint program with GSA that we're working on, for a common access card throughout government. But there are some -- obviously some very clear security issues. I mean, we'll probably have a higher standard than anybody else -- well, than a lot of folks in government.

Q: (Off mike) -- for instance, the CIA, the National Security Council -- I mean, you can think of lots of other agencies that need -- are they developing their own card separate from this one, or are they waiting to see how yours works, or what?

Brubaker: I mean, they're working on -- I mean, obviously, we're not going to tell them that they can't do what they need to do, if they think that they need to do something to secure their networks immediately or secure access to their buildings immediately. But they are looking at what we're doing and taking an active interest in our particular program.

Q: Doesn't it make sense to have one card for all of these agencies, since they all have the same need for security?

Brubaker: Sure. But let's not let the perfect be the enemy of the good here. I mean, I think it's important that we get positive control over our situation. We are communicating with GSA; we're participating in their particular program, which is to design a government-wide, common access card. But we just -- you know, I don't think it is prudent for us to wait until that effort matures to the point where we're deploying it government-wide.

Q: Well, just to follow --

(?): Go ahead.

Q: Well, just to follow that train of thought; if GSA decides on a different standard or a different kind of card, then all the money you're spending for this, you'll have to go to something else?

Brubaker: No, no. Not at all. In fact, I mean, our efforts are very closely linked.

Mary, you've worked with GSA on this effort. Do you want to give specifics?

Dixon: They have a certain number of standards they've already developed, and we have complied with every one of those standards so that we are in compliance with what they are looking towards. And I would tell you that probably -- having worked with them -- it's unlikely that they would come up with a card that would require us to throw all of these cards out and start over again. So that I think when they're talking about a common card, they want it to be interoperable, and that's the purpose of their contract that they have, and that's what we have been working towards, is to have cards that are interoperable; that my card will be able to be read by the people in the Department of State.

Q: Two other quick. One is, what specific information is embedded in the chip, in this card? For instance, are medical records on this? Is this something that might be done in the future?

Rostker: We still are exploring the whole issue of medical records. One of the issues on the battlefield is how well this holds up. It would certainly be in the pocket. We want something that is more available. So medical records might be, but we are still looking towards the dog tag.

Q: Well, initially, what information are you going to --

Brubaker: Initially, the certificates for the PKI, the Public Key Infrastructure.

Q: And one last question. Is this sort of a first step toward a national ID card where everybody in the United States might eventually be identified by this kind of a card?

Rostker: This is a first step for the Department of Defense to enter the 21st century for e-commerce, for securing our computer networks.

Q: I have a question about royalties, please.

Are there any royalties paid to the French inventor of this card, Mr. Moreno? It's a chip that has been equipping the French banking cards and telephone cards for 20 years.

Rostker: I think you would have to take that up with the vendor who we buy the card from. We purchase the card -- there are, as indicated, GSA contracts, and whatever the situation is in terms of copyrights and the like are, at this point, not being addressed by us.

Q: The Geneva Convention requires -- what? -- name, rank, and serial number? I don't think there's a serial number on there. Is the Social Security the number, or is the bar code the serial number?

Rostker: The Social Security number is our serial number and has been for at least the last 20 to 25 years.

Q: So will this replace the military ID card that allows access to base?

Rostker: Yes, that --

Q: If so, are you also doing these for spouses and dependents?

Rostker: Exactly.

Q: So is that in addition to the 3.4 million to 4 million military ID cards, or is that considered by the --

Scheflen: Not doing it for spouses.

Q: You're not doing it --

Rostker: I'm sorry. Say that again, Ken.

Ken Scheflen.

Scheflen: At this point we are not giving a chip card to spouses, dependents, or retirees. The reason is we don't have a requirement that would justify the cost of an $8 card versus the current card.

So they will continue to get the current card that they are getting. And, in fact, they are all made in the same place. What we've added -- what we've done is added smart card-producing equipment to the existing suites of stuff to produce the current card. So a computer terminal in a personnel office, for any of you who've been there, will be capable of producing either card.

Q: Another question on medical records. I seem to recall a year or two ago that the surgeons general, the services all were down here and showed us a prototype of a medical records card. Is that development continuing? Is it held in abeyance while you proceed with this, or -- ?

Rostker: No, it is continuing. I would be less than honest if I said I wasn't disappointed in the speed with which it's continuing. And one of the things I've pressed, since I've become the undersecretary, is to move that project forward.

There's issues -- in terms of this card, there are issues of the memory of the card, as well as its physical access on the battlefield. So we're still looking towards a medical dog tag. But we're not where I believe we should be on that issue.

Q: Bernie? You're not going to put total medical records at the moment, but it would seem logical and feasible at least to have blood type on it. Any thought about that?

Rostker: Blood type's on there.

(Off mike.)

Rostker: Yes, ma'am.

Q: Just to go back in the time line of things, I know they said in maybe three or four years it's going to be Defense-wide. Can you just -- tomorrow -- what's the deal now? I mean, where do you have it now? Can you specify that?

Rostker: Well, starting in a limited number of places in the Quantico area, Hawaii -- Hawaii?

(?): Hawaii's already tested.

Rostker: -- soon to the Pentagon this will be the card that will be issued and this will be rolled out across the Defense Department. So in its first incarnation these will be, over the next two or three years, the card that everyone will have. As we move forward with the applications, the first Defense-wide application will be as the key for the PKI. Now, obviously, you have to have both the equipment, and you have to have the people with the cards to marry up. And that's what's going to take place over the next several years.

Yes, sir.

Q: The vendor on this, is this ActivCard, the commercial vendor providing the -- ?

Scheflen: ActivCard is involved. They are the vendor for the middleware that we are using at the issuing sites, which is a very different perspective than equipping all the computers and all the other applications around the department. We have approximately 900 locations that have issuing stations, 1,500, 1,600 pieces of equipment, there'll be another couple of hundred put in. And so ActivCard's involvement today is limited to just those sites that physically issue the cards.

Q: And what is "middleware"? What does that mean?

Scheflen: That's the -- the middleware is what interprets the card to the computer.

Q: As you transition the active card to this new updated one.

Scheflen: Say -- say again.

Q: As you take the current card and you update it to include all these new information?

Scheflen: No. The current card, the existing ID card is not relevant for ActivCard.

You know, you basically need a piece of software that tells the computer how to read the card. Okay? That's what "middleware" is. And in making cards, you know, we have to tell the computers how to make cards. And so we -- you know, for our 2,000 or so that wind up with pieces of equipment that actually issue cards, ActivCard is involved in that, and only that at this point.

Q: Why did they get that contract, and what is it worth?

(?): Do you know, Mary?

Dixon: I've got to look up the amount of -- I don't know what it's, what it is worth exactly, because it's a -- I know the budget in terms of the total amount, and there were a number of contractors involved.

So which part they got, I don't know.

Q: Well, what is it about their technology that caused you to choose them to supply the "middleware," quote-unquote.

Dixon: The decision got started when we selected a Java 2.1 architecture, and -- because we were looking for a multi-application card with the ability to securely download applications onto the card after issuance, and the Java with the open platform -- what used to be the Visa open platform, is now global open platform -- were big pieces of our ability to do that. It may be in the future that there will be other technologies, such as the Windows-powered smart card or the Multos cards are all multi-application types. But at the time we started this development, the only thing that was clearly out there in any great numbers that were being used by the commercial sector was the Java 2.1. And through the work with Sun, that's how they got into the -- got associated with ActivCard. Now they've also been working with a number of card vendors.

Q: Who -- that is how "they" got associated? Who got associated?

Dixon: I'm sorry. The Defense Manpower Data Center did a lot of the development work for the issuance process. The cards are really off-the-shelf, commercial off-the-shelf products. And so the first card that's being issued is an Oberthur card. And -- an Oberthur. That's the vendor who makes the card. O-b-e-r-t-h-u-r. And there will probably be some Gemplus cards in there as well.

Q: Some what?

Dixon: Gemplus. Gemplus is the other card vendor. But that's for the first 50,000 cards. They were the only ones that had Java 2.1 cards available at the time. And when we go to the larger order of cards for January, which is probably going to be around a million cards, that will be competed through the GSA contract.

Q: What kind of chip is on this card? And how much memory does it have?

Dixon: It's a 32K. Has a crypto -- that's a 32K EEPROM [electrically erasable programmable read-only memory]. And it has -- and it's a crypto co-processor. And it's just an integrated circuit chip.

Q: Does it have a memory storage capacity?

Dixon: Yes, 32K.

Q: To come back to my question, have there been discussions about the pros and cons of these chips with European allies? I understand that it's used by the French military and it's standard in -- (inaudible) -- banks for 12 years and -- (inaudible) -- banks also.

Brubaker: We have looked at most of the large smart card and PKI-on-smart-card rollouts in the world, including the Spanish government and the Finnish government. The specs for the card that Mary talked about earlier, essentially a global platform Java card, is becoming the standard in the industry.

There will be many more millions of those produced for the credit card world, and we're going to buy. What makes our application probably a little unique from most of the others is it's what's called a multi-application card. Most of the other rollouts have either been a banking card of some sort, electronic purse, or they have been a PKI platform only, as the case in the Spanish government. We're doing both. We're putting both applications and -- you know, potentially, we could put a purse on it, if we wanted to. We're definitely putting PKI on it. And it's the use of Java that allows the card to perform this multi-app function.

So, you know, we are very aware of what's going on generally in the smart card world, and we are in contact with the card vendors and the chipmakers and the users of this.

Q: I understand what you said earlier about encryption. Will the commercial firm or firms that are supplying these cards, will they also own the computers where the information on the card is stored? In other words -- or will DoD have all that information about -- personal information about the cardholder or will there be commercial vendors who will have that information?

Scheflen: No, the commercial vendor sends essentially a blank card. You know, we personalize it in DoD and, you know, the data is in DoD computers. There's no vendors -- I guess -- if we're talking chipmakers or card-makers, no, they don't have any data about anything on the card.

Rostker: I think, as you can tell, this is a technical subject that we're all going to learn a lot more about, from our credit cards and applications, as the time goes on. We think this is a very significant first step in moving us towards a series of applications that will allow us to move towards a paperless series of transactions. And we are most enthusiastic about the integration of the personnel aspects with the IT aspects in the PKI, so that we are using one card instead of a myriad of cards, and eventually there will be one card around your neck instead of a whole bunch of passes and ID cards. That's our goal, and we think this is an important day for moving the Defense Department forward.

Q: Thank you.

"THIS TRANSCRIPT WAS PREPARED BY THE FEDERAL NEWS SERVICE, INC., WASHINGTON DC. FEDERAL NEWS SERVICE IS A PRIVATE COMPANY. FOR OTHER DEFENSE RELATED TRANSCRIPTS NOT AVAILABLE THROUGH THIS SITE, CONTACT FEDERAL NEWS SERVICE AT (202) 347-1400."