There was a peculiar piece in the American Spectator online last week, a “Special Report” by Mark Hyman. The author lists a number of unfortunate circumstances by which harmless passengers, many times military personnel, have been delayed or hassled by TSA and airport security protocols. He blames these anecdotal mishaps on “government bureaucrats armed with ‘rules, policies and procedures’ and employing no commonsense.”
He goes on to question a number of security and procedural policies in government and military institutions, which he thinks are unnecessary and demeaning to the personnel at these institutions. As a primary example, Hyman makes the case that the rules for issuing and renewing CACs (Common Access Cards) are unneeded and absurd.
He is miffed because he did not renew his CAC before it expired and he had to go though a bureaucratic process to straighten this out:
“My CAC had expired days earlier so I contacted an issuing office to get a replacement. A clerk in the ID card office informed me that all appointments had to be made online using the intranet. Yet, my expired CAC prevented me from using the intranet system. In spite of my predicament the clerk told me, “Our policy requires all appointments to be scheduled online. If you are unable to use the intranet, then there is nothing more I can do.” It sounded like the beginning of an Abbott and Costello routine.”
“Rather than fight this particular battle, I decided to renew my CAC at another issuing office. While there, I was asked to produce a picture ID. I showed my state driver’s license. I was then asked for a second form of ID and was told the CAC was not acceptable since it expired five days earlier. A week earlier it would have been valid, but on this day it was deemed worthless. So I showed the clerk my company-issued ID card that looked as though it was made on an office computer and laminated at the local Kinko’s. As a matter of fact, that was exactly how that ID was manufactured. But it was good enough. The clerk accepted the flimsy company ID over the just-expired military CAC.”
Hyman concludes,
“What makes this episode even sadder is that the military CAC is generally not accepted as a valid form of identification for use by visitors to the Pentagon. Visitors must also have a Pentagon-issued ID or another form of identification such as a state driver’s license. The reason, according to a security officer, is that at least one machine that manufactures CACs and several hundred blank CACs are missing and presumed to have been stolen. Security officials do not know which CAC is valid and which is a forgery.”
The latter claim is nonsensical and shows that the security officials Hyman chats with are miss informing him about how his CAC works. This too, expresses a common misconception— that possession of the card is the only thing that verifies identity.
To his point about the pains of standing in line to renew something only to find that you don’t have the right materials: I can empathize with this, but I cannot gather what rules Hyman thinks are silly, and which are reasonable. Is he arguing that he shouldn’t have to have a CAC, or that he should be able to use his expired CAC, by itself, for renewal? And what does this have to do with policy created by top-level military and government officials?
What is clear from reading the piece is that he doesn’t like the rules much because he doesn’t understand why they are in place. He wanted an exception so he could use his expired CAC. Similarly, in another of his examples, he complains that his wife couldn’t renew her own CAC using an expired passport.
There are two fundamental questions that would help Hyman better appreciate these rules: Why are identification badges, such as CAC cards, used? And, how is the true identity of a badge-holder verified? In other words, what is a CAC good for anyways?
The military provides several resources for answering these questions. In fact, had Hyman consulted these, or unofficial resources, anytime before his CAC expired he would have had less of a hassle renewing it.
Identity, and the privileges we associate with it, is an abstract thing that is difficult to verify. The best way for a large institutions to verify a person’s identity is to gather the various artifacts of identity, such as a state driver’s license, for this person and grade the validity of these items and the authority of the institution who gave the item. The bureaucratic pronouncements on this process (i.e. presidential directives and policies) say that the best way to verify the identity and authorization of millions of people is to create a system of rules that make the procedures repeatable, reliable, and safe. (One such rule may reason that an expired identity artifact should not be considered valid, even if it was valid yesterday.)
Now, the process of using a CAC card is not as simple as it could be. Systems that use badges for the identification of people and the verification of people’s permissions and authority are complex and imperfect, but this is not a problem of bureaucracy. It’s more a matter of improving these systems for most users and reminding users, like Hyman, why they were given a badge to begin with.
Digital Trust 