E-passports will become reality this fall
17 April, 2005
category: Biometrics, Contactless, Government, Library, RFID
House considers active tags for Congressmen and staff
By Peter A. Buxbaum, Contributing Editor, RFIDOperations
This article originally appeared in a 2005 issue of RFIDOperations.
WASHINGTON D.C.—The State Department is moving ahead with plans to add RFID chips to American passports.
As the sophistication of intrepid forgers grows, especially in today’s heightened homeland security atmosphere, the RFID-enabled passport program “will ensure that the person carrying the passport is the person to whom the passport was issued,” said Frank Moss, Deputy Assistant Secretary of State for Passport Services. It will prevent the forging of passports or the insertion of a new photograph in a genuine passport, he added.
Plans are to begin embedding chips in U.S. passports this summer with diplomats before it’s expanded to all citizens in October over the objections of the American Civil Liberties Union and others. And the procurement office of the U.S. House of Representatives is considering proposals to implement an RFID system in the identification cards of all congressional personnel – from the legislators themselves to the interns – to track them in case of an evacuation.
Opponents of the use of RFID in passports say criminals and terrorists could read the information on the RFID chips. The government had maintained that the chips could be read from only 10 cm away. But at least one test showed that a reader could read a passport chip from 30 feet away. As of press time, the State Department is considering “locking” the data using a process called Basic Access Control developed by the International Civil Aviation Organization. To “unlock” the data in the passport, a reader would need a unique “key” used to authenticate the reader and unlock the data on the RFID chip. (For more on these developments please go to www.RFIDNews.org).
The RFID chip, Moss emphasized, would contain the same information as the data page of the passport: a photograph, name, and date of birth of the passport holder. “There will be no social security number and no fingerprint,” he said. The program, Moss added, is part of an international effort to “facilitate the movement of people through airports” that goes back ten years.
But a website called RFIDkills.com, established as a source of information against the State Department program, says “the RFID-chipped US passport will turn tourists into targets, and American business travelers will transmit their identities to kidnappers wherever they go…” The Association of Corporate Travel Executives and the Business Travel Coalition both have also condemned the RFID proposal.
The ACLU, in written comments filed with the State Department April 4, contended that the new U.S. passport makes data susceptible to “skimming” or “eavesdropping” by third parties operating their own readers. The statement added that the RFID chips could be readable from a distance of 30 meters.
Recent reports indicate Moss has grown more concerned about risks of “skimming.” It’s still uncertain whether the BAC process or a technique involving the insertion of a metallic layer in the passport cover known as a Faraday cage, will block a chip reader’s signal so the passport can’t be read unless it is open. It’s also uncertain as of press time whether the State Department will still meet its rollout plan.
In the case of the potential House project, civil libertarians fret RFID could be used for purposes other than the emergency system for which it is intended.
A recent request for information about the House of Representatives system that would account for personnel in the case of an evacuation envisages a two-phase system. The first would “assist in identifying and accounting for staff who have evacuated the building” and issue status reports within sixty minutes of the evacuation. The second phase would account for employees absent from the Capitol area at the time of the event, by gathering information from telephone calls, emails, and web-based responses, within 24 hours of the event.
Phase one “is what we would call a mustering application,” said Ben Donahue, vice president of Axcess International, Inc., a Carrolton, Texas-based company which responded to the RFI. The documentation submitted to the House by Axcess International calls for deployment of a system utilizing active ID tags which would be embedded into the ID cards currently being used by House employees. These tags could be read even if they are secreted in employees’ pocket or briefcase, according to Donahue. The passive tags used in typical proximity cards require passing within a few inches of a reader, he added. The active tags can be read over a much wider field of “tens of feet.”
These features raise concerns among civil libertarians who contend that RFID “lends itself to other uses.” “It’s very hard to narrow it down to one circumstance, especially if it’s active at all times,” said Karen Coyle, a spokesperson for Computer Professionals for Social Responsibility in Palo Alto, Calif. “Prior to putting this kind of system in place it is essential to think about unintended consequences.”
Coyle advocated performing a risk analysis to determine whether a tracking system for people is advisable for the House of Representatives, suggesting that perhaps it was not. “It’s aimed at an event that cannot be predicted ahead of time, so you’d have to have the system enabled all of the time,” she said. “You’re talking about people in an office building, not miners that might get trapped underground. It’s necessary to determine whether there is enough benefit to this system to take the risk” that the technology might be abused.