E-Passports Will Include New Safeguards
WASHINGTON -- The State Department, in response to heated criticism, will likely add new, still unspecified safeguards to soon-to-be unveiled electronic passports.
The department has previously said that security measures such as encryption and basic access controls were unnecessary and would not be used. But it is seriously considering measures to meet a now-acknowledged need for additional protections, according to Frank Moss, deputy assistant secretary of state for passport services.
The new passports will duplicate a passport's printed information--including the holder's place and date of birth, passport number and name, and picture--on a remotely readable electronic chip in the passport's back cover.
The chips are read-only and digitally signed, which the government says will prevent forgery and help secure American borders. These thin, flexible RFID (radio frequency ID) chips will let machines called readers pull information from the passports from a short distance--supposedly just a few inches.
The State Department's about-face comes after recent tests proved that the chip could be read from as much as 3 feet away by a commercial chip-reading device.
"It was a recognition that the chip could be read at distances greater than the original 4 inches that forced us to take another look at it," Moss says.
More Secure, But Less Secure
Wary travel and privacy groups charged that the original passport plan would have endangered American travelers and increased the risk of identity theft. Terrorists could have used a commercially available scanner to pick out Americans in a crowd, they say, or criminals could scan the chips to steal identities.
The State Department tried to assuage these concerns with plans to weave metal or other fibers into the passport cover to block the chip's radio signal when the passport was closed. But opponents said Americans using their passports as identification at hotels, train stations, and elsewhere would still be vulnerable.
What Will Be Added?
Neville Pattinson is the director of technology and government affairs at Axalto, an Austin, Texas-based company that is bidding to supply the smart card technology for the new passports. Pattinson says his company supports adding encryption and access controls as outlined by the International Civil Aviation Organization.
"We endorse the use of those [measures] to really protect the access to the chip and to protect the confidentiality of the information on the chip," he says.
Those safeguards would mean that reading the smart chip's data would first require optically scanning the two printed lines at the bottom of every passport data page.
"Hidden in there is a seed," he explains--a seed that would be used to create a special key. The chip would release information only to a reader that first offered that key, Pattinson says.
In addition to this access control, any communication between the reader and the passport's chip would be encrypted to prevent eavesdropping. Another key created using the seed would be used to encrypt the data.
Pattinson says that both of these safeguards are part of a standard for electronic passports created by the ICAO. The U.S. and about 140 other countries all participated in defining the standard, he notes.
At first, Pattinson says, the standard "really only had open access with no authentication or confidentiality of information. The intent was to provide something simple and interoperable and accessible.
"Unfortunately, they underestimated the privacy concerns [that this version of the standard] was going to cause," he says. So ICAO recently added optional standards for encryption and access control.
The European Union already has decided to use the new safeguards, the State Department's Moss says. Since the U.S. and any other country that wanted to read electronic data from EU passports will already have to install readers that can handle these security measures, Europe's decision makes it easier for the U.S. to follow suit, he adds.
Opponents of the remotely readable passports say the State Department is moving in the right direction, but they still question the fundamental technology choice.
The Business Travel Coalition, a group whose corporate members include Black and Decker and DaimlerChrysler, says the original passport plans could have made American travelers targets. Kevin Mitchell, the coalition's chairman, says that adding encryption and access control is "the right direction to take."
But he adds that he is still concerned about using RFID instead of a contact chip (which has to make physical contact with a scanning device to be read) or an optical chip that must be read with a laser. If someone finds a way to get around the new security measures, he says, the basic design would still leave Americans vulnerable.
Believing that the new safeguards will protect against eavesdropping for the ten-year lifespan of a passport "kind of assumes that the technology that's out there that could work against this is static, when we know it's dynamic," he points out.
Other groups, like the American Civil Liberties Union, have said the new passports should use contact chips to ensure travelers' privacy rights.
But Moss says that because passports are meant to last for ten years, the known limitations of contact and optical chips make them a bad choice. "They mar, they scratch, they degrade," he explains. "I would worry about durability."
Testing to Continue
Although Moss says the State Department will definitely add new safeguards, the details of those measures are still being decided. The testing that confirmed the longer read distance for the RFID chips is continuing.
That testing is driving the schedule to introduce the new passports, Moss says, and may push back the anticipated roll-out date of August.
"If I lose a month or two," he says, "that's a small price to pay."