Feeds

Privacy groups slam US passport technology

American tracking

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

SEATTLE - Privacy advocates took the US government to task last week for the government's plans to add a wireless chips to next-generation passports.

The concerns focus on the US government's initiative to create machine-readable passports that will be rolled out to the diplomatic corps this year and to the general public starting in 2006. Privacy and security experts criticized the move as ill-considered, saying that the technology would leak data to those with specialized equipment, allowing Americans to be automatically identified by the passports they are carrying.

"You have to worry about identity theft, you have to worry about cloning without the victims knowledge, you have to worry about tracking and surveillance - all the things that go with people carrying a beacon that broadcasts their identity," Bruce Schneier, chief technology officer for Counterpane Internet Security, said on a panel discussion at the Computer, Freedom and Privacy Conference in Seattle.

The concerns revolve around the decision to make passports machine readable by embedding a wireless chip in the documents. The chip, a 64 kilobit contactless device similar to those found in many employee identification cards, would allow data to be read from a passport just by holding the document within 10 centimeters of a reader, said Frank Moss, Deputy Assistant Secretary for the U.S. Department of State's Passport Services group and the only government official on the panel.

Moss called critics' arguments - warning that terrorists would gain the ability to remotely identify Americans using the chipped passports - absurd.

"We would not use our own people as test populations if we thought there was any risk associated with this passport," he said. "The idea that you can walk down a hotel hallway and identify the Americans is, quite frankly, poppycock."

Moss added that to reduce the possiblity of any such scenario, the U.S. planned to put a nonmetallic material in the cover of passports that would block wireless signals.

However, privacy and security experts maintain that, much like other wireless technologies, the specified distance at which devices can communicate with the chip could be greatly increased by specialized antennas using more power. In a demonstration using a chip similar to the one specified by current documents, Barry Steinhardt, director of the technology and liberty program at the American Civil Liberties Union, showed that the passport could be read at a distance of a couple feet. He maintained that readers that could grab the information at greater distances, such as 30 feet, would be possible.

"Whether or not the Department of Homeland Security buys a reader that can read a passport at 10 centimeters or, like mine, at three or four feet, much more powerful antennas and much more powerful equipment are out there," he said.

The concerns come as the United States is leading the charge to move to machine-readable passports, requiring the nearly 30 countries with which the United States maintains a visa waiver agreement to also adopt similar technologies. Privacy experts worry that the move to a radio-frequency identification (RFID) chip will erode civil liberties.

Moss maintained that the specification was not created by the United States, but as part of a multi-nation process at the International Civil Aviation Organization (ICAO).

"This is not just the United State's initiative," he said. "This technology is viewed widely to be taking passports to a new generation of security in terms of verifying that the person carrying the passport is the person to whom the passport was issued."

The process to create a standard for the design of a passport with a chip requiring electrical and physical contact would have been onerous, Moss maintained.

A representative of the chip-card industry said that bandwidth considerations also drove the decision to favor a contactless memory chip. The current crop of contactless chips have a read rate eight times higher than contact chips, Chuck Baggeroer, director of government marketing for Datacard Group.

"Contactless chips have considerable higher bandwidth," he said. "You would think that contact chips would have faster data rates - that is not so."

Yet, the ACLU's Steinhardt argued that the initiative is the latest example of US "policy laundering," where the administration uses an international agency to create a standard that can then be marketed to Congress as a global norm that the nation should follow.

"If you listened to President Bush when he announced the creation of these passports, you would have thought that the US was a bit player in this project to create, what essentially are, these universal identification cards," Steinhardt said. "If you read the documents, it is crystal clear that the U.S. government drove the process, resisted putting in any of the protection measures ... saying that they were not necessary."

The ACLU has pointed to other initiatives, such as the Council of Europe's Cybercrime Treaty, as examples of policy laundering. The organization has started a task force to focus on the political tactic.

If other countries' momentum is any indication, the passport will just be the first document to include the wireless-chip technology, Steinhardt and other privacy and security experts said. Other identification documents will soon be chipped as well, said Counterpane's Schneier.

"When we look at these RFID chips, they seem to be moving into a plethora of offical documents - it's not going to be just passports," he said. "So even people who don't have passports will be carrying these identity beacons."

The State Department's Moss seemed willing to address the concerns, but ultimately was unmoved by the arguments.

"We are doing it right, we just disagree," Moss said. "If you really think this is a horrible idea, you better start writing to your members of Congress."

Copyright © 2005, SecurityFocus logo

Related stories

UK to use passports to build national fingerprint database
Bush Admin demands more banking data
Civil liberty group pans EU biometrics plans

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.