view counter

U.S. to begin offering RFID-equipped passport cards

Published 4 January 2008

Passport card will serve as an alternative to the traditional passport — and reduce the wait at land and sea border checkpoints by using an electronic device that can simultaneously read multiple cards’ radio frequency identification (RFID) signals from a distance, checking travelers against terrorist and criminal watchlists while they wait

The United States will soon offer passport cards equipped with electronic data chips to U.S. citizens who travel frequently between the United States and Canada, Mexico, or the Caribbean. The cards can be read wirelessly from about twenty feet, offering convenience to travelers but raising security and privacy concerns about the possibility of data being intercepted. The goal of the passport card is to serve as an alternative to the traditional passport — and reduce the wait at land and sea border checkpoints by using an electronic device that can simultaneously read multiple cards’ radio frequency identification (RFID) signals from a distance, checking travelers against terrorist and criminal watchlists while they wait. “As people are approaching a port of inspection, they can show the card to the reader, and by the time they get to the inspector, all the information will have been verified and they can be waved on through,” said Ann Barrett, deputy assistant secretary of state for passport services, commenting on the final rule on passport cards published yesterday in the Federal Register.

The Washington Posts’s Ellen Nakashima writes that the $45 card will be optional and cannot be used for air travel. Travelers can opt for a more secure, but costlier, e-passport which costs $97 and contains a radio frequency chip that can only be read at a distance of three inches. Privacy and security experts said the new passport cards that transmit information over longer distances are much less secure. “The government is fundamentally weakening border security and privacy for passport holders in order to get people through the lines faster,” said Ari Schwartz, deputy director of the Center for Democracy and Technology, which submitted comments in opposition to the proposed rule, along with 4,000 others, the vast majority in opposition. The problem with the card, Schwartz said, is that it uses a standard that was not meant to track people. “It’s not made as an identity document,” he said. “The technology they’re using was designed to track goods — pallets of toilet paper at Wal-Mart,” he said.

The government said that to protect the data against copying or theft, the chip will contain a unique identifying number linked to information in a secure government database but not to names, Social Security numbers, or other personal information. It will also come with a protective sleeve to guard against hackers trying to skim data wirelessly (what is called digital pick-poceting), Barrett said. The card is part of the Western Hemisphere Travel Initiative (WHTI) which aims to strengthen border security while easing entry for citizens and legitimate visitors with standard identity documents. The chip is passive and can be read only when a reader pings it, a reader with a strong battery can detect the chip’s signal from as far as 40 feet away, Schwartz said. It can easily be cloned, posing the risk that a hacker could make a duplicate card to fool a border agent, he said.

Avi Rubin, a professor at Johns Hopkins University, said that two years ago he duplicated an RFID chip in his “speedpass” used for buying gas, copied the information onto a laptop and, after extending a radio antenna from the laptop out the car door, was able to buy gas with the cloned RFID chip. Randy Vanderhoof, executive director of the Smart Card Alliance, represents technology firms that make another kind of RFID chip, one that can only be read up close, and he is critical of the passport card’s technology. It offers no way to check whether the card is valid or a duplicate, he said, so a hacker could alter the number on the chip using the same techniques used in cloning. “Because there’s no security in the numbering system, a person who obtains a passport card and is later placed on a watchlist could easily alter the number on the passport card to someone else’s who’s not on the watchlist,” Vanderhoof said.

view counter
view counter