AFGE Local 2113 -- CAC Survey
On 22 January 2002, the survey below was distributed by email to the
bargaining unit (BU). Votes were taken on each of three subjects. On
average, 22% of the BU responded on each subject. Results are tallied
below and followed by the survey.
Don't Track 166 = 87% of those voting on tracking
Track me 15 = 8% of those voting on tracking
Track-NoOpinion 10 = 5% of those voting on tracking
---
Total 191 = 25% of BU
ID Concern 137 = 84% of those voting on ID
ID-NotConcerned 23 = 14% of those voting on ID
ID-NoOpinion 4 = 2% of those voting on ID
---
Total 164 = 21% of BU
Med Control 152 = 90% of those voting on control of medical information
Med-NoControl 12 = 7% of those voting on control of medical information
Med-NoOpinion 5 = 3% of those voting on control of medical information
---
Total 169 = 22% of BU
(Total in barganing unit (as of 03 Jan 2002) = 777)
CAC card SURVEY
Many of you have already obtained a new CAC (Common Access Card) ID badge.
This badge has been loosely but incorrectly referred to as a "SmartCard"
(SmartCard is a different card and a different program. The new ID badges
that Security has been issuing at NAWCTSD in recent months are CACs.).
While the CAC (Common Access Card) ID badges will bring us several new
capabilities, Local 2113 has requested Impact and Implementation (I&I)
bargaining to address certain issues. Before we conduct these
negotiations, though, we need to know any additional concerns or issues
which you might have (and whether anybody cares). Therefore, we solicit
your responses to this survey.
In this survey, we are soliciting votes on each of three subjects. You
can vote as many times as you want to by reopening the message and
pressing the different voting tabs, but if you cast the same vote more
than once, duplicates votes from the same person on the same tab will be
discarded. Contradictory votes from the same person within the same
category will be counted but will tend to cancel each other out.
Each time you vote, you will be provided with an opportunity to attach
comments. In your comments, please include your suggestions as to what
questions we should ask and what other areas, if any, we should
investigate before and when negotiating use of this Card. If you would
like to help with the negotiation, please also indicate that. (You must
be a member of Local 2113 in order to serve on a negotiation team.
Training is available for members who wish to get involved with
negotiations.)
If you don't have voting tabs at the top, you may vote by replying and
inserting the appropriate words (in boldface: below) at the beginning of
the subject line. If you vote this way, please clear this original
message from the body of your reply and include only your additional
comments in the Reply body. This will aid in sorting replies and
compiling results.
Now, here are the issues we have identified:
PROXIMITY DETECTION:
In informal discussion, Steve Owens has indicated that proximity detection
of the CAC is not currently implemented but is anticipated in the future.
It is our current understanding that proximity detection including
recognition of identity will not be possible with the current CAC but that
it is an option which is, has, or may be considered for future ID cards.
Proximity detection could provide benefits such as automatically logging
you in/out of the building as you enter or leave through a door equipped
with such a detector. Technology also exists by which an ID badge (not
necessarily the CAC) can be automatically located. This sort of
technology is useful for quickly locating personnel, when they are
urgently needed, or for locating survivors or bodies (or badges) in the
event of a building fire, bombing, or other such calamity in order to
identify who is still in the building and exactly where they are.
Such technology could also be put to use to automatically charge leave
when a person is not present in the building during core hours, or to
track employee movements and build databases tallying how much time is
spent at different places. In the case of badges which are locatable by
satellite, the technology could also track the badges' movements during
off-duty hours. Local 2113 is not currently aware of any plans to
implement such tracking, but with detectors and badges which support such
technology, it would be possible. We feel that such tracking would be an
inappropriate invasion of personal privacy and could create a hostile "Big
Brother is Watching" work atmosphere which in turn would lead to a
reduction of morale and productivity as employees would begin spending
more time documenting their movements and reasons for them. If such a
system was used for timekeeping or to support disciplinary measures,
considerable confusion could ensue from employees being out of the
building for building evacuations or official offsite meetings, offsite
meetings with contractors, or other official offsite business. We
therefore feel that tracking of employee movements is not in the best
interests of the employees or employer, and we wish to ensure, by
negotiation and contract, that employee tracking will not be implemented.
How do you feel on this matter? Please vote by pressing one of the
voting tabs above according to the following tab definitions:
TRACK ME: I think employee tracking is a good idea.
DON'T TRACK: I prefer not to be tracked, or I don't care whether I am
tracked, but I don't think tracking is a good idea.
TRACK-NO OPINION: I have no opinion on this issue, but I would like to
file the following comments and/or suggest the following inquiries. (If
you have no comments, you can also cast a don't-care vote by voting this
tab and including no comments.)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
IDENTITY THEFT:
If someone else has possession of your Card, will it be possible for them
to masquerade as you? Will they be able to login to your LAN account,
send email broadcasts as if they were you, and digitally sign items with
your digital signature? We don't know the answers to these questions yet.
We expect that confirmation of your identify will also include a password,
PIN, or fingerprint such that mere possession of the Card will not be
sufficient for a masquerade. However, if the additional required
information is only a 6-digit PIN, then we still have concern for persons
who have picked easily-guessed PINs, such as their birth dates, or last 6
digits of their SSN's. How easy will it be for an employee to change his
PIN? If the employee logs on to his LAN account and then walks away from
his desk, then could someone else take over the station and masquerade as
that person (as is possible now before a password-protected screensaver
has kicked in)?
If a masquerade is successful, then what is the liability of the
person to whom the card was issued? Can a masquerador commit the issuee
to responsibility for unauthorized obligations? Could an employee be
disciplined for unauthorized or inappropriate use of the Card by a
masquerador as if he had actually done the unauthorized acts himself?
Will digital signatures and all actions taken from within a given LAN
account be construed as prima facia evidence that they were signed or done
by the issuee without consideration of the possibility of a masquerade?
If an employee loses his card or leaves it at home, will he be able
to do any work which requires access to a LAN computer?
All these questions remain to be answered, and we ask that you
submit any further questions or concerns which you may have which are not
already included here but you feel should be addressed. Please indicate
whether or not your share our concern and add any additional questions or
comments by voting as follows:
ID-CONCERN: I share the concern over the possibility of identity
theft, OR though I am not concerned for myself, I agree that this is a
reasonable concern and that it should be negotiated.
ID-NOT CONCERNED: I am not concerned about the risk of identify theft,
AND I do not feel that such concern is reasonable or warrants further
investigation or negotiation.
ID-NO OPINION: I have no opinion as to whether the risk of ID theft is
real or should be a concern, but I would like to make the following
comments and/or suggest the following inquiries on this matter.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PRIVACY OF MEDICAL INFORMATION:
We have not yet discussed or been briefed on what, if any personal medical
information might be stored on the Card. Timely availability of certain
medical information could be critical in the event of a medical emergency.
However, it is understandable that some persons may prefer not to have
some medical information included on their CAC available to anyone with
the capability of reading it. For example, persons with certain medical
conditions may prefer to keep their status confidential out of concern for
possible discrimination without regard to whether or not such
discrimination would be lawful. Who will be able to read the medical
information? Will anyone who can read any of the information which is
stored on the Card be able to read all information which is stored on it?
How do you feel on this issue? Please vote as follows:
MED-CONTROL: I would like to have control over what medical information
is included on my Card, OR, regardless of what information is on my card,
I think each person should be allowed to control what medical information
is included on his/her card.
MED-NO CONTROL: I don't care what medical information is included on my
card or who has access to it, and I don't think anyone should have any
control over what medical information is included on his/her Card. I
don't think this concern is important enough to warrant further
investigation or negotiation.
MED-NO OPINION: I have no opinion on this issue, but I would like to make
the following comments and/or suggest the following inquiries concerning
this matter.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thank you for your thoughts and opinions. De-identified results will be
provided to the CAC negotiating team and will be posted to
http://www.mindspring.com/~afge2113/surveys/indxsurv.htm within 2 to 4
weeks.
AFGE Local 2113
We need your input in order to serve you better.
This page was last updated on February 12, 2002