Kevin Kaporch | The Keys to Secure Documents
GCN Interview with Kevin Kaporch, the Government Printing Office's director of product security
- By Jana Cranmer
- Apr 27, 2007
Let's face it: The integrated circuit is becoming our front line of defense. Kevin Kaporch
As the Government Printing Office's director of product security, Kevin Kaporch has a lot of experience with supply-chain security and counterintelligence. Now he is offering his expertise to the broader community. In March, he stepped up as a government adviser to the Document Security Alliance (DSA). The alliance is a public/private partnership of more than 75 companies and 15 government agencies.
It was established after the 2001 terrorist attacks to provide a forum for sharing techniques that could prevent counterfeiting of documents such as passports, birth certificates and driver's licenses. Kaporch will continue serving full time at GPO as he begins volunteering for DSA. GCN asked Kaporch about what he plans to offer DSA and what work he does at GPO.GCN: What do you do as director of product security?Kaporch:
It is my job to ensure the integrity and security of our manufacturing process, as well as the supply chain that feeds that manufacturing process.
[The job] entails protecting the manufacturing process, making sure it has total integrity and security. It also goes to the protection of its supply chain.
Passports have more than 100 components to keep them safe. Those sources need to be embedded; we need to know the paper hasn't been compromised and that it's manufactured in a secure way.GCN: What are some of the biggest challenges to product security?Kaporch:
It is all about the supply chain. For example, something like a Social Security card is one product GPO produces but doesn't produce it [in-house]. It is a contract with one of our security printers, so we would do the same thing we would do with our own plant ' make sure the plant is secure, that their personnel are cleared, if necessary. And we'd look at their supply chain. We'd want to know if the substrate for the Social Security card is produced in a secure way. We'd audit the environment and want assurance that the product is not manufactured for anyone else.GCN: What techniques are counterfeiters using? What is being done to combat the techniques?Kaporch:
The common desktop scanner and software programs like [Adobe] Photoshop are the most common threat out there.
[For a potential new] GPO product, we look at a matrix of options and consider three major groupings: design, materials, technology. We weigh the challenges and risks and go through the matrix to start defining the end product. We take [technology] from what is out there and develop our own as well. [We've investigated] microprinting, latent images, split-fountain techniques, color-shifting ink, penetrating ink, invisible fibers, watermarks, holograms, electronic circuits, magnetic material. We try to deliver security features but also weigh costs.GCN: What experience has prepared you for being director of product security?Kaporch:
I started with the inspector general's office of GPO. This was a good segue for me in this job because during those 12 years I was focused on product security and integrity to make sure that the agency was doing a good job. They recognized the need for someone to manage this on a broader, full-time basis, so they created a position of director of product security, and I've been in that for two years now.GCN: What kinds of challenges do you see in the years to come?Kaporch:
The challenges are going to be meeting government's demand in this integrated-circuit world. I think I see down the road circuits being printed on paper. [Alcatel-Lucent] has already started to do that. We're going to be looking to industry to keep providing us with the ability to integrate that kind of technology into paper documents or card format documents.
Let's face it: The integrated circuit is becoming our front line of defense. GPO will be in the smart-card business'with our [public-key infrastructure] and our specialized security printing techniques. Using a PKI process, we can authenticate documents. They'll be delivered in a variety of forms ' in [PDF], pure digital video, audio. [These PKI-locked documents] will be a really tough thing to crack ' too daunting for any counterfeiter to waste the time on.GCN: What is DSA's role?Kaporch:
It is a public/private partnership that exists to provide legislators, government and industry with research results: white papers on technology and other issues to allow [them] to make good decisions about security documents. We have manufacturers of paper, folks from the electronic world to government agencies like GPO and the Federal Bureau of Investigation. It is a collaboration of people getting the best information on what is out there to defeat counterfeiting so the industry knows how to provide countermeasures to threats.GCN: Is there any way to quantify these threats?Kaporch:
DSA did an extensive white paper on birth certificates ' there are more than 6,000 entities in the United States empowered to issue birth certificates and more than 4,000 valid forms of birth certificates in circulation. The challenge is how to effectively authenticate that.
There are [ways to improve the authenticity of] birth certificates. Basic certificates could be federally provided. [States would receive] initially secure documents and some kind of unique manufacturing ' perhaps watermark ' for unique identity printing that could not be altered after the fact. The need for a federal standard for birth certificates came out of the [Intelligence Reform and Terrorism Prevention Act of 2004]. DSA and GPO have a small team that helped the Health and Human Services Department through this process with states.GCN: Both the Secret Service and the CIA also participate in DSA. What insights could they offer?Kaporch:
The Secret Service, CIA, the FBI, the Homeland Security Department and National Security Agency [all] offer great insight. They know what the current threats are because they're on the front lines. They're the first to know when a document has been compromised, and they take them apart in forensic labs to determine how it was manufactured, counterfeited or altered.