No, really. Why?

From the homeland security boodoggle department comes PIVMAN - a sort of personal-identity-verification super-hero.

Federal government employees are beginning to carry uniform ID cards under a program created for no apparent reason other than a vague knee-jerk appeal to “security.”  Now along comes PIVMAN, a mobile ID card reader touted by its manufacturer as the reason for all the cards.  The whole story is finally made sense of in SecureID news:

“[PIVMAN] is the first complete out of the box end user application that answers ‘why’ … we built these infrastructures, spending all this time and money,” said Mr. Libin [president of PIVMAN seller Corestreet]. Consider the Department of Defense’s Common Access Card: “We started working with them five years ago and they’ve already issued millions of cards, but no one was really using them. People at DoD had spent all this money for a new card, but there were very few applications for it… . PIVMAN is the first actual end user visible application.”

Get it?  The reason for the ID cards is so that they can be checked

At $24,950 for two handhelds, charging cradles, and the management software, this is all entirely worthwhile.  After all, without these super-expensive card readers, the millions spent on IDs would be wasted!

No, really, there must be some use for this junk.  Let’s try again.

If there’s a disaster, or attack, there are several waves of first responders, explains Mr. Libin. “These people are typically concerned with halting the damage, but pretty quickly after that it becomes a more organized process and you get other types of first responders, such as fire fighters or maintenance workers. You need to control who gets into the disaster scene. You have people with the PIVMAN controlling the perimeter. Anyone getting in presents his or her card, a person scans or swipes the card into the PIVMAN and he quickly knows if it’s a valid card. It also displays what privileges are associated with that card. If you’re allowed to deal with hazardous material, you can be directed to the appropriate place for HAZMAT cleanup and the PIVMAN logs in that activity.”

There you have it.  This stuff makes disaster scenes orderly.  ‘Yes, I understand that the hazardous materials are over there, but the designated area for HAZMAT cleanup is actually behind you.  Thank you for submitting your ID to PIVMAN.  Now go wait where you’re told.’

Let’s try one more time.

“Securing access to our nation’s ports and maritime facilities is a key use-case for the PIVMAN System,” said Mr. Libin following the demonstration. “The mobility of the PIVMAN System speaks to the nature of the maritime industry. Now you will be able to check any individual’s FIPS 201 ID, including TWIC … whether that person is driving a truck or on a ship, the information will always be available, even when networks are not.”

This is close, but still not a sufficient for a digital ID reader.  If it’s about access control, all you need is an analog card and someone with eyeballs.

Matching means to ends is difficult in security.  Selling means to the government in hopes of finding some end for it to serve - not so difficult.