New computerized passport raises safety concerns

[R.A. Hettinga]

<http://www.sanluisobispo.com/mld/sanluisobispo/business/technology/10556269.htm?template=contentModules/printstory.jsp>

Posted on Mon, Jan. 03, 2005

New computerized passport raises safety concerns

By Kristi Heim
Seattle Times

When traveling abroad these days, most Americans probably wouldn't want the
contents of their passports to be secretly read by strangers.

But when a new high-tech passport system goes into effect as early as next
spring, that's exactly what critics say could happen.

Before the end of the year, the first U.S. biometric passport will be
issued with a tiny computer chip and antenna embedded inside it. The chip
will contain a digital image of the person's face, along with other
information such as name, birth date and birthplace. The data on the chip
can be picked up wirelessly using a radio signal.

When the traveler enters the United States, border-control officials will
snap a digital photo of the person, scan the data from the passport and run
a facial-recognition software program to compare the two images.

The system is designed to prevent forged passports by making sure the
original passport holder and the person standing at the immigration counter
are one and the same.

The problem, security and privacy experts say, is that the technical
standard chosen for the system leaves passport data unprotected.

The technology allows data on the chip to be read remotely using radio
frequency identification or RFID.

That means the passport does not have to be opened or even come in contact
with a scanning device. Its contents can be read remotely -- some estimates
claim as far away as 30 feet -- without the passport holder knowing
anything about it.

Privacy advocates and the American Civil Liberties Union have sharply
criticized the proposed system, saying it effectively creates `a global
infrastructure of surveillance.`

`The U.S.-backed standard means that all the information on American
passports can be read by anyone with an RFID reader, whether they are an
identity thief, a terrorist trying to spot the Americans in a room or a
government agent looking to vacuum up the identities of everyone at a
political rally, gun show or mosque,` said Laura Murphy, director of the
ACLU's Washington, D.C., legislative office.

The ACLU also questioned the use of facial-recognition technology, which
can be used to track people but is not foolproof when it comes to matching
identity.

The U.S. government is already requiring 27 foreign countries to include
biometrics in their passports in order for their citizens to continue to
travel to the United States without a visa. The mandate was passed in 2002
as part of an effort to tighten border security after the Sept. 11, 2001,
attacks.

Most of those countries, including the United Kingdom, have had trouble
implementing the system and requested the deadline be postponed. Congress
voted during the summer to extend the deadline one year to October 2005.

Now the State Department plans to expand that program to include U.S.
passports, which were not part of the original legislation.

But it may only be a matter of time before countries required by the United
States to issue biometric passports demand the same kind of passports from
American visitors.

By the end of 2005, according to the plan, all American passports produced
domestically will be biometric passports.

The new technology is set to go into diplomatic and official passports
first, and move to all new and renewed regular passports around the middle
of next year, said Kelly Shannon, spokeswoman in the State Department's
Bureau of Consular Affairs.

The standard being used for U.S. passports was developed by the
International Civil Aviation Organization, a United Nations-affiliated
group based in Montreal.

As the standard was being decided this year, privacy and security experts
argued it should include features to protect the data, such as encryption
or the addition of a printed bar code inside the passport to `unlock` the
data.

Such features would let passport holders know who was reading their data
and when. But the State Department so far has rejected proposals for
encryption and other security measures.

Department officials said encryption would hinder interoperability of the
system among the different countries using it and slow down already tedious
border crossings.

It should function like RFID technology that monitors the flow of cars from
a distance through automatic toll roads, for example.

Security expert Bruce Schneier, founder and chief technical officer of
Counterpane Internet Security, said encryption would not solve security
problems for the passport system.

Instead, he recommends a system that requires direct contact with the chip.

`The owner of the passport has to acquiesce to give the data to somebody,`
Schneier said.

If the passport has to touch the reader or be opened before it can be read,
there is less chance for secret `skimming` of personal data. That is a
growing concern as RFID technology becomes more widespread around the
world, and readers can be produced inexpensively in devices as small as a
mobile phone.

`The question comes down to why the government is fixating on this
technology,` Schneier said. `I cannot figure out a motive, unless they want
to read it surreptitiously themselves.`

Adding a computer chip to passports does not provide a means to track U.S.
citizens, said State Department spokesman Kurtis Cooper. The information
stored on the chip is the same as on the printed passport and will be used
only to verify identity at ports of entry, he said.

As the system is further tested and developed, Cooper said, the department
is looking for ways to `reduce further any risk that would compromise the
privacy of the data as citizens use their passport.`

Meanwhile, the Department of Homeland Security has started a pilot program
to test biometric technology for foreign visitors at a dozen airports
around the country.

The department awarded a multibillion-dollar contract in June to a
consortium called the Smart Border Alliance to design and build the U.S.
Visitor and Immigration Status Indicator Technology (US-VISIT) program,
which makes use of biometrics.

The Smart Border Alliance, led by Accenture, includes Bellevue, Wash.-based
Saflink. Saflink provides software that replaces passwords with biometric
identification such as fingerprints, voices or facial characteristics. It
takes the unique points of a fingerprint or a face and transforms them into
a series of ones and zeros -- a biometric `signature,` allowing the
signature stored in a chip or database to be compared with the one
presented live.

`You're never going to have a perfect match between today and tomorrow,`

said Saflink marketing director Thomas Doggett. But false identifications
can be reduced to a manageable level.

`With the paper-based system from the old world, it's too easy for

intruders to manipulate documents,` he said.

Smart-card identification technology has broader applications as a
container to store information such as health records and access
privileges, which Saflink is helping supply to the U.S. military.

In the future, the government may decide to add new biometrics or
different, expanded technologies to U.S. passports.

The State Department requires the new passports to carry a 64-kilobyte
chip, more capacity than is needed to hold current passport data.

Other technology could be added, such as a second digital photo, a digital
fingerprint or an iris scan, to improve the accuracy of matches.

Travel guidebook author Edward Hasbrouck isn't waiting around for that.
He's getting his passport renewed before the new system is in place and
urging others to do the same. Passports are valid for 10 years.

Without better security, the new passports `couldn't be better suited to
facilitate both surveillance and identity theft if they were designed for
the purpose,` he said.

Hasbrouck believes the new passports will enable `undetectable tracking and
the identification of travelers, as well as secret, remote collection of
all the data needed to create perfect passport forgeries.`

One simple but effective solution may deter unwanted snoops, says Schneier:
Cover the passport with aluminum foil. Radio frequencies have a hard time
penetrating metal.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com