Six years ago, President Bush sought to equip all employees and contractors with high-tech identification cards that would tighten security at federal buildings and on computer networks.

But that effort has largely failed so far to live up to its promise.

Nearly 11/2 years after employees and contractors working at federal facilities were supposed to have been issued the new IDs, about 1.1 million still do not have them: Just 42 percent of employees and contractors at non-Defense agencies have received the cards. And only a handful of federal agencies have readers and other infrastructure installed that can make full use of the personal data embedded on the cards, such as fingerprints and personal identification number codes

"Absent those uses for the card, the card is worthless. So we need to put it to work," said Scott Glaser, a senior program manager in charge of physical access controls at the General Services Administration's Public Buildings Service.

Governmentwide, 82 percent of the 6.2 million employees and contractors required to obtain the enhanced-security ID cards had received them by the end of 2009, falling short of the original mandate to have all cards issued by October 2008. Most of the progress has occurred at the Defense Department.

There's been even less progress in using the cards to secure access to buildings and computers. Only a relative handful of the government's 400,000 owned and leased facilities have card scanners and other technology needed to read the personal data encrypted on the cards and detect automatically whether the card holder should be granted access to the particular building or office. The IDs include a computer chip that holds at least four pieces of data to verify the cardholder's identity: two fingerprints, a personal identification number the cardholder would know, an identifying number unique to each card and a digital signature.

A major hurdle, federal managers say, is that agencies lack money to purchase and install the readers and related technology. The Bush administration issued Homeland Security Presidential Directive 12 (HSPD-12) — the presidential order requiring the governmentwide rollout of smart IDs — in 2004 without providing any additional money for agencies to perform the more robust background checks on their employees and contractors that were required, to purchase the cards or to purchase and install the systems needed to use the card's enhanced security features.

"This was an unfunded mandate," said Bob Shaw, director of security at PBS.

More progress has been made in using the cards to access personal computers and laptops since that requires less investment. Defense, State and some other departments require employees to use the cards rather than passwords to log in to their computers.

Requiring employees to use the cards to access computers had an immediate impact at Defense: Intrusions to the department's unclassified networks dropped 46 percent after all employees began using the cards to access computers in 2006.

Agencies are "just getting through the issuance of the cards," said Mary Dixon, director of the Defense Manpower Data Center, which manages card issuance at the Pentagon. "Now it's a matter of, how do I use this in a way that makes sense so this is not just a card that I hang around my neck, but I'm actually using it."

Defense officials have already found other uses for the cards:

• Managers use them to digitally approve travel claims, leave requests, fitness reports and other work documents, which expedites approvals and saves paper.

• Employees use the cards to open encrypted e-mails containing sensitive or personally identifiable information.

• Employees can use them as cash cards for approved purchases. For example, Marines entering boot camp can get cash advances loaded on them.

• Employees can use them to ride local subway trains and buses. For example, Defense employees in Utah receive mass transit subsides on their cards and use them when commuting under another pilot that likely will be expanded to other metro systems.

Vivek Kundra, federal chief information officer, said the number of cards issued to federal employees and contractors increased 65 percent last year, indicating that the Obama administration and agencies are focused on the effort.

The Agriculture Department, for instance, increased the number of cards issued from 21,000 in October 2008 to more than 86,000 by the end of 2009. The agency deployed card readers and related technologies at more than 150 of its facilities to manage facility access, a spokesman said. Still, the department has much to do in deploying card readers at all 25,000 buildings it owns.

Neville Pattinson, vice president of government affairs and technology at Gemalto, a leading smart-card vendor, said it may still take a couple of years before all employees and contractors are issued smart IDs and even longer before agencies outfit their buildings with systems to accept the cards. "Each agency has a unique set of challenges, no question," Pattinson said. "Some are small, some are distributed. There is no single recipe that works for any of this."

The costs of outfitting the 9,000 buildings that the General Services Administration owns and leases for federal agencies will be passed on to tenant agencies through the rent it charges. GSA officials say they don't know how much it will cost to roll out the required technology, but it will be far less today than it would have been even a few years ago because of technological breakthroughs and an expanded marketplace.

"We are very pleased we're taking this slowly and methodically," Glaser said. "We're doing this methodically to be sure we have it right. We can't afford mistakes."

Input, an IT consulting firm, estimates that agencies will spend $500 million this year on goods and services related to HSPD-12. Spending is growing at a rate of about 6.5 percent annually, said John Slye, principal analyst at Input. He said it's difficult to predict how much agencies will need to spend to fully implement HSPD-12 since agencies could generate substantial savings by taking advantage of economies of scale.

"Dollars isn't necessarily a good reflection of success. It's hard to put a full price tag on how much it would take to put a reader on every door and building," he said.

Besides the readers, agencies also must deploy systems capable of reaching into employee and contractor databases at other agencies so they can authenticate that a visitor from another agency has a valid card.

"Any card you want to present to me that was issued in the Department of Defense, I know immediately whether it's a good card or not. I have no clue for anybody at any other federal agency," said Dixon of the Defense Department.

Agencies also have yet to agree on the systems and approaches they will use to manage physical access, a process Dixon likened to the videotape format competition between Beta and VHS 30 years ago. Unless agencies adopted a common standard — which Defense and GSA have done — it's unwise to spend precious dollars on systems that may not comply, experts said.