• PC World
• »Security

WASHINGTON -- By October 2006, the U.S. government will require nearly all of the passports it issues to include a computer chip containing the passport holder's personal information, according to regulations published this week.

Starting in early 2006, the U.S. Department of State will begin issuing passports with 64-kilobyte RFID (radio frequency identification) chips that will contain the name, nationality, gender, date of birth, and place of birth of the passport holder, as well as a digitized photograph of that person.

The chip's contents will match the data on the paper portion of the passport, improving passport security by making it more difficult for criminals to tamper with passports, backers say. U.S. government efforts to make passports harder to forge began in response to the terrorist attacks on the United States on September 11, 2001.

Opposition

After the State Department proposed last February to include RFID chips in passports, privacy groups such as the American Civil Liberties Union and the Electronic Frontier Foundation expressed concern. Because some RFID chips can be scanned remotely, criminals may be able to covertly scan groups of passport holders at airports, the EFF said in April. RFID passports could thus act as "terrorist beacons," as well as indiscriminately exposing U.S. residents' personal information to strangers.

In a letter commenting on the State Department proposal, the EFF argued that the agency lacked congressional authority to require RFID chips in passports.

"RFID in passports is a terrible idea, period," said EFF senior attorney Lee Tien, in a posting to the EFF's Web site. "But on top of that, the State Department is acting without the appropriate authority and without conducting any form of credible cost-benefit analysis. It's asking Americans to sacrifice their safety and privacy 'up front' for a dangerous experiment that it hasn't even bothered to justify."

The State Department received 2335 public comments on its February proposal to introduce electronic passports. More than 98 percent of the comments were negative, the State Department said, and most of them raised issues about security and privacy.

Security Precautions

In the passport rules it released Tuesday, the State Department said that it was taking several security precautions. The RFID chips will use encrypted digital signatures to prevent tampering; and they will be so-called passive RFID chips, which do not broadcast personal information unless within inches of an RFID reader machine. To protect against data leaks, the e-passports will come with an "antiskimming" material that blocks radio waves on the passport's back and spine, the State Department notice said.

The new passports would comply with an International Civil Aviation Organization specification on e-passports, the State Department said.

Though the State Department moved away from its earlier proposal of a self-powered RFID chip in favor of a passive one that relies on a reader machine's power, privacy concerns remain, said Barry Steinhardt, director of the ACLU's Technology and Liberty Program. Steinhardt called the State Department's security measures a "step forward," but he said bar codes could be used to match electronic data with paper data on passports.

"It still raises the question [of] whether or not this is an appropriate technology," Steinhardt said. "There are still some essential concerns about whether this is secure or not."

But Neville Pattinson, director of technology and Government affairs for Texas RFID card vendor Axalto, praised the State Department's changes, including the passive chips and antiskimming materials. "This is a fine example of the government listening to public opinion and adopting technology that protects citizen's privacy," he said. "With the changes, information cannot be extracted from it."