President Bush issued a directive last year that will soon change how employees and contractors enter federal buildings and log on to federal computers. The government's implementation of Homeland Security Presidential Directive (HSPD) 12 is based on computer-readable personal identity cards and a governmentwide public-key infrastructure (PKI).

With those technologies, federal officials say, they can prevent almost anyone from accessing federal buildings or information systems with fake identity cards.

But people familiar with the government's implementation of HSPD 12 say that agencies can derive many additional benefits from those technologies. From interviews with nearly a dozen security experts, Federal Computer Week came up with a list of six other possible uses for the secure smart cards and PKI that most federal agencies will have by the end of 2006.

Get control of the devils inside

Several security experts said they expect the Army and some federal agencies to use the new security infrastructure for tracking the activities of service members on military bases or employees in federal buildings, a use that many privacy experts oppose. Most building security and computer systems generate activity logs. The use of a single identity credential to access those systems will make it easier, within established privacy guidelines, "to find out what people are doing and where they're doing it," said J.R. Reagan, managing director of the security and identity management practice at BearingPoint, a business consulting and systems integration company. "There's some of that today," Reagan added.

But cost-effective uses of personnel tracking require a unified security management infrastructure that most military bases and federal facilities have not implemented. HSPD 12 and a related set of specifications known as Federal Information Processing Standard (FIPS) 201 require an infrastructure that could help agencies uncover possible insider threats to data security or data privacy, said Christopher Michael, technology strategist at Computer Associates International.

Such a use of government-issued smart cards would be appropriate, said Phil Libin, president of CoreStreet, which sells electronic identity verification services. "As a private citizen, I want government employees to have these cards," he said. "I want to know that all actions in the government can be logged and audited to give accountability."