Advocates say new passports are flawed, raise security issues
Related
Advertisement
Cards, which can be read wirelessly up to 20 feet, raise security issues
12/31/2007 -
WASHINGTON — The federal government will soon offer passport cards equipped with electronic data chips to U.S citizens who travel frequently between the United States and Canada, Mexico or the Caribbean. The cards can be read wirelessly from 20 feet, offering convenience to travelers but raising security and privacy concerns about the possibility of data being intercepted.
The goal of the passport card is to reduce wait at land and sea border checkpoints by using an electronic device that can read the radio frequency identification signals from multiple cards simultaneously at a distance, checking travelers against terrorist and criminal watch lists while they sit in their cars.
"As people are approaching a port of inspection, they can show the card to the reader and by the time they get to the inspector, all the information will have been verified and they can be waved on through," said Ann Barrett, deputy assistant secretary of state for passport services, commenting on the final rule on passport cards published Monday in the Federal Register. "It's good security, but it's there to facilitate travel as well."
The $45 card will be optional and cannot be used for air travel. Travelers can opt for a more secure, if costly, e-passport, which costs $97 and contains a radio frequency chip that can be read at a distance of 3 inches. The e-passport, which is encrypted, must be swiped to be read and sends out a different random number each time it is swiped.
But privacy and security experts said the new passport cards that transmit information over longer distances are much less secure.
"The government is fundamentally weakening border security and privacy for passport holders in order to get people through the lines faster," said Ari Schwartz, deputy director of the Center for Democracy and Technology, which submitted comments in opposition to the proposed rule, along with 4,000 others, the vast majority in opposition.
The problem with the card, Schwartz said, is it will employ a standard unsuitable for use with human beings. "It's not made as an identity document," he said. "The technology they're using was designed to track goods — pallets of toilet paper at Wal-Mart," he said.
The government said the chip will contain a unique identifying number linked to information in a secure government database, but no name, Social Security number or other personal information. It will also be issued in a protective sleeve to guard against hackers trying to skim data wirelessly, Barrett said.
Though the chip is passive and can be read only when a reader pings it, a reader with a strong battery can detect the chip's signal from as far as 40 feet away, Schwartz said. It can easily be cloned, posing the risk that a hacker can make a duplicate card to fool a border agent.
Randy Vanderhoof, executive director of the Smart Card Alliance, represents technology firms that make another kind of RFID chip — one that can be read only up close — and is critical of the passport card's technology. It offers no way to check whether the card is valid or a duplicate, he said, so a hacker could alter the number on the chip using the same techniques used in cloning.
Last year, the Government Accountability Office reviewed a similar technology and said it should not be used to identify people, only to track goods.
