Feeds

Privacy groups slam US passport technology

American tracking

  • alert
  • submit to reddit

Boost IT visibility and business value

SEATTLE - Privacy advocates took the US government to task last week for the government's plans to add a wireless chips to next-generation passports.

The concerns focus on the US government's initiative to create machine-readable passports that will be rolled out to the diplomatic corps this year and to the general public starting in 2006. Privacy and security experts criticized the move as ill-considered, saying that the technology would leak data to those with specialized equipment, allowing Americans to be automatically identified by the passports they are carrying.

"You have to worry about identity theft, you have to worry about cloning without the victims knowledge, you have to worry about tracking and surveillance - all the things that go with people carrying a beacon that broadcasts their identity," Bruce Schneier, chief technology officer for Counterpane Internet Security, said on a panel discussion at the Computer, Freedom and Privacy Conference in Seattle.

The concerns revolve around the decision to make passports machine readable by embedding a wireless chip in the documents. The chip, a 64 kilobit contactless device similar to those found in many employee identification cards, would allow data to be read from a passport just by holding the document within 10 centimeters of a reader, said Frank Moss, Deputy Assistant Secretary for the U.S. Department of State's Passport Services group and the only government official on the panel.

Moss called critics' arguments - warning that terrorists would gain the ability to remotely identify Americans using the chipped passports - absurd.

"We would not use our own people as test populations if we thought there was any risk associated with this passport," he said. "The idea that you can walk down a hotel hallway and identify the Americans is, quite frankly, poppycock."

Moss added that to reduce the possiblity of any such scenario, the U.S. planned to put a nonmetallic material in the cover of passports that would block wireless signals.

However, privacy and security experts maintain that, much like other wireless technologies, the specified distance at which devices can communicate with the chip could be greatly increased by specialized antennas using more power. In a demonstration using a chip similar to the one specified by current documents, Barry Steinhardt, director of the technology and liberty program at the American Civil Liberties Union, showed that the passport could be read at a distance of a couple feet. He maintained that readers that could grab the information at greater distances, such as 30 feet, would be possible.

"Whether or not the Department of Homeland Security buys a reader that can read a passport at 10 centimeters or, like mine, at three or four feet, much more powerful antennas and much more powerful equipment are out there," he said.

The concerns come as the United States is leading the charge to move to machine-readable passports, requiring the nearly 30 countries with which the United States maintains a visa waiver agreement to also adopt similar technologies. Privacy experts worry that the move to a radio-frequency identification (RFID) chip will erode civil liberties.

Moss maintained that the specification was not created by the United States, but as part of a multi-nation process at the International Civil Aviation Organization (ICAO).

"This is not just the United State's initiative," he said. "This technology is viewed widely to be taking passports to a new generation of security in terms of verifying that the person carrying the passport is the person to whom the passport was issued."

The process to create a standard for the design of a passport with a chip requiring electrical and physical contact would have been onerous, Moss maintained.

A representative of the chip-card industry said that bandwidth considerations also drove the decision to favor a contactless memory chip. The current crop of contactless chips have a read rate eight times higher than contact chips, Chuck Baggeroer, director of government marketing for Datacard Group.

"Contactless chips have considerable higher bandwidth," he said. "You would think that contact chips would have faster data rates - that is not so."

Yet, the ACLU's Steinhardt argued that the initiative is the latest example of US "policy laundering," where the administration uses an international agency to create a standard that can then be marketed to Congress as a global norm that the nation should follow.

"If you listened to President Bush when he announced the creation of these passports, you would have thought that the US was a bit player in this project to create, what essentially are, these universal identification cards," Steinhardt said. "If you read the documents, it is crystal clear that the U.S. government drove the process, resisted putting in any of the protection measures ... saying that they were not necessary."

The ACLU has pointed to other initiatives, such as the Council of Europe's Cybercrime Treaty, as examples of policy laundering. The organization has started a task force to focus on the political tactic.

If other countries' momentum is any indication, the passport will just be the first document to include the wireless-chip technology, Steinhardt and other privacy and security experts said. Other identification documents will soon be chipped as well, said Counterpane's Schneier.

"When we look at these RFID chips, they seem to be moving into a plethora of offical documents - it's not going to be just passports," he said. "So even people who don't have passports will be carrying these identity beacons."

The State Department's Moss seemed willing to address the concerns, but ultimately was unmoved by the arguments.

"We are doing it right, we just disagree," Moss said. "If you really think this is a horrible idea, you better start writing to your members of Congress."

Copyright © 2005, SecurityFocus logo

Related stories

UK to use passports to build national fingerprint database
Bush Admin demands more banking data
Civil liberty group pans EU biometrics plans

The Essential Guide to IT Transformation

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.