Feeds

Privacy groups slam US passport technology

American tracking

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

SEATTLE - Privacy advocates took the US government to task last week for the government's plans to add a wireless chips to next-generation passports.

The concerns focus on the US government's initiative to create machine-readable passports that will be rolled out to the diplomatic corps this year and to the general public starting in 2006. Privacy and security experts criticized the move as ill-considered, saying that the technology would leak data to those with specialized equipment, allowing Americans to be automatically identified by the passports they are carrying.

"You have to worry about identity theft, you have to worry about cloning without the victims knowledge, you have to worry about tracking and surveillance - all the things that go with people carrying a beacon that broadcasts their identity," Bruce Schneier, chief technology officer for Counterpane Internet Security, said on a panel discussion at the Computer, Freedom and Privacy Conference in Seattle.

The concerns revolve around the decision to make passports machine readable by embedding a wireless chip in the documents. The chip, a 64 kilobit contactless device similar to those found in many employee identification cards, would allow data to be read from a passport just by holding the document within 10 centimeters of a reader, said Frank Moss, Deputy Assistant Secretary for the U.S. Department of State's Passport Services group and the only government official on the panel.

Moss called critics' arguments - warning that terrorists would gain the ability to remotely identify Americans using the chipped passports - absurd.

"We would not use our own people as test populations if we thought there was any risk associated with this passport," he said. "The idea that you can walk down a hotel hallway and identify the Americans is, quite frankly, poppycock."

Moss added that to reduce the possiblity of any such scenario, the U.S. planned to put a nonmetallic material in the cover of passports that would block wireless signals.

However, privacy and security experts maintain that, much like other wireless technologies, the specified distance at which devices can communicate with the chip could be greatly increased by specialized antennas using more power. In a demonstration using a chip similar to the one specified by current documents, Barry Steinhardt, director of the technology and liberty program at the American Civil Liberties Union, showed that the passport could be read at a distance of a couple feet. He maintained that readers that could grab the information at greater distances, such as 30 feet, would be possible.

"Whether or not the Department of Homeland Security buys a reader that can read a passport at 10 centimeters or, like mine, at three or four feet, much more powerful antennas and much more powerful equipment are out there," he said.

The concerns come as the United States is leading the charge to move to machine-readable passports, requiring the nearly 30 countries with which the United States maintains a visa waiver agreement to also adopt similar technologies. Privacy experts worry that the move to a radio-frequency identification (RFID) chip will erode civil liberties.

Moss maintained that the specification was not created by the United States, but as part of a multi-nation process at the International Civil Aviation Organization (ICAO).

"This is not just the United State's initiative," he said. "This technology is viewed widely to be taking passports to a new generation of security in terms of verifying that the person carrying the passport is the person to whom the passport was issued."

The process to create a standard for the design of a passport with a chip requiring electrical and physical contact would have been onerous, Moss maintained.

A representative of the chip-card industry said that bandwidth considerations also drove the decision to favor a contactless memory chip. The current crop of contactless chips have a read rate eight times higher than contact chips, Chuck Baggeroer, director of government marketing for Datacard Group.

"Contactless chips have considerable higher bandwidth," he said. "You would think that contact chips would have faster data rates - that is not so."

Yet, the ACLU's Steinhardt argued that the initiative is the latest example of US "policy laundering," where the administration uses an international agency to create a standard that can then be marketed to Congress as a global norm that the nation should follow.

"If you listened to President Bush when he announced the creation of these passports, you would have thought that the US was a bit player in this project to create, what essentially are, these universal identification cards," Steinhardt said. "If you read the documents, it is crystal clear that the U.S. government drove the process, resisted putting in any of the protection measures ... saying that they were not necessary."

The ACLU has pointed to other initiatives, such as the Council of Europe's Cybercrime Treaty, as examples of policy laundering. The organization has started a task force to focus on the political tactic.

If other countries' momentum is any indication, the passport will just be the first document to include the wireless-chip technology, Steinhardt and other privacy and security experts said. Other identification documents will soon be chipped as well, said Counterpane's Schneier.

"When we look at these RFID chips, they seem to be moving into a plethora of offical documents - it's not going to be just passports," he said. "So even people who don't have passports will be carrying these identity beacons."

The State Department's Moss seemed willing to address the concerns, but ultimately was unmoved by the arguments.

"We are doing it right, we just disagree," Moss said. "If you really think this is a horrible idea, you better start writing to your members of Congress."

Copyright © 2005, SecurityFocus logo

Related stories

UK to use passports to build national fingerprint database
Bush Admin demands more banking data
Civil liberty group pans EU biometrics plans

Intelligent flash storage arrays

More from The Register

next story
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.