Feeds

Privacy groups slam US passport technology

American tracking

  • alert
  • submit to reddit

Security for virtualized datacentres

SEATTLE - Privacy advocates took the US government to task last week for the government's plans to add a wireless chips to next-generation passports.

The concerns focus on the US government's initiative to create machine-readable passports that will be rolled out to the diplomatic corps this year and to the general public starting in 2006. Privacy and security experts criticized the move as ill-considered, saying that the technology would leak data to those with specialized equipment, allowing Americans to be automatically identified by the passports they are carrying.

"You have to worry about identity theft, you have to worry about cloning without the victims knowledge, you have to worry about tracking and surveillance - all the things that go with people carrying a beacon that broadcasts their identity," Bruce Schneier, chief technology officer for Counterpane Internet Security, said on a panel discussion at the Computer, Freedom and Privacy Conference in Seattle.

The concerns revolve around the decision to make passports machine readable by embedding a wireless chip in the documents. The chip, a 64 kilobit contactless device similar to those found in many employee identification cards, would allow data to be read from a passport just by holding the document within 10 centimeters of a reader, said Frank Moss, Deputy Assistant Secretary for the U.S. Department of State's Passport Services group and the only government official on the panel.

Moss called critics' arguments - warning that terrorists would gain the ability to remotely identify Americans using the chipped passports - absurd.

"We would not use our own people as test populations if we thought there was any risk associated with this passport," he said. "The idea that you can walk down a hotel hallway and identify the Americans is, quite frankly, poppycock."

Moss added that to reduce the possiblity of any such scenario, the U.S. planned to put a nonmetallic material in the cover of passports that would block wireless signals.

However, privacy and security experts maintain that, much like other wireless technologies, the specified distance at which devices can communicate with the chip could be greatly increased by specialized antennas using more power. In a demonstration using a chip similar to the one specified by current documents, Barry Steinhardt, director of the technology and liberty program at the American Civil Liberties Union, showed that the passport could be read at a distance of a couple feet. He maintained that readers that could grab the information at greater distances, such as 30 feet, would be possible.

"Whether or not the Department of Homeland Security buys a reader that can read a passport at 10 centimeters or, like mine, at three or four feet, much more powerful antennas and much more powerful equipment are out there," he said.

The concerns come as the United States is leading the charge to move to machine-readable passports, requiring the nearly 30 countries with which the United States maintains a visa waiver agreement to also adopt similar technologies. Privacy experts worry that the move to a radio-frequency identification (RFID) chip will erode civil liberties.

Moss maintained that the specification was not created by the United States, but as part of a multi-nation process at the International Civil Aviation Organization (ICAO).

"This is not just the United State's initiative," he said. "This technology is viewed widely to be taking passports to a new generation of security in terms of verifying that the person carrying the passport is the person to whom the passport was issued."

The process to create a standard for the design of a passport with a chip requiring electrical and physical contact would have been onerous, Moss maintained.

A representative of the chip-card industry said that bandwidth considerations also drove the decision to favor a contactless memory chip. The current crop of contactless chips have a read rate eight times higher than contact chips, Chuck Baggeroer, director of government marketing for Datacard Group.

"Contactless chips have considerable higher bandwidth," he said. "You would think that contact chips would have faster data rates - that is not so."

Yet, the ACLU's Steinhardt argued that the initiative is the latest example of US "policy laundering," where the administration uses an international agency to create a standard that can then be marketed to Congress as a global norm that the nation should follow.

"If you listened to President Bush when he announced the creation of these passports, you would have thought that the US was a bit player in this project to create, what essentially are, these universal identification cards," Steinhardt said. "If you read the documents, it is crystal clear that the U.S. government drove the process, resisted putting in any of the protection measures ... saying that they were not necessary."

The ACLU has pointed to other initiatives, such as the Council of Europe's Cybercrime Treaty, as examples of policy laundering. The organization has started a task force to focus on the political tactic.

If other countries' momentum is any indication, the passport will just be the first document to include the wireless-chip technology, Steinhardt and other privacy and security experts said. Other identification documents will soon be chipped as well, said Counterpane's Schneier.

"When we look at these RFID chips, they seem to be moving into a plethora of offical documents - it's not going to be just passports," he said. "So even people who don't have passports will be carrying these identity beacons."

The State Department's Moss seemed willing to address the concerns, but ultimately was unmoved by the arguments.

"We are doing it right, we just disagree," Moss said. "If you really think this is a horrible idea, you better start writing to your members of Congress."

Copyright © 2005, SecurityFocus logo

Related stories

UK to use passports to build national fingerprint database
Bush Admin demands more banking data
Civil liberty group pans EU biometrics plans

Beginner's guide to SSL certificates

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
HBO shocks US pay TV world: We're down with OTT. Netflix says, 'Gee'
This affects every broadcaster, every cable guy
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
French 'terror law' declares WAR on the INTERNET itself, say digi-rights folks
Liberté, Égalité, Fraternité: Two out of three ain't bad
SCREW YOU, EU: BBC rolls out Right To Remember as Google deletes links
Not even Google can withstand the power of Auntie
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
America's super-secret X-37B plane returns to Earth after nearly TWO YEARS aloft
674 days in space for US Air Force's mystery orbital vehicle
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.