New high-tech passports raise privacy concerns
Seattle Times business reporter
But when a new high-tech passport system goes into effect as early as next spring, that's exactly what critics say could happen. Before the end of the year, the first U.S. biometric passport will be issued with a tiny computer chip and antenna embedded inside it. The chip will contain a digital image of the person's face, along with other information such as name, birth date and birthplace. The data on the chip can be picked up wirelessly using a radio signal.
When the traveler enters the United States, border-control officials will snap a digital photo of the person, scan the data from the passport and run a facial-recognition software program to compare the two images.
The system is designed to prevent forged passports by making sure the original passport holder and the person standing at the immigration counter are one in the same.
The problem, security and privacy experts say, is that the technical standard chosen for the system leaves passport data unprotected.
The technology allows data on the chip to be read remotely using radio frequency identification, or RFID.
That means the passport does not have to be opened or even come in contact with a scanning device. Its contents can be read remotely — some estimates claim as far away as 30 feet — without the passport holder knowing anything about it.
Privacy advocates and the American Civil Liberties Union have sharply criticized the proposed system, saying it effectively creates "a global infrastructure of surveillance."
"The U.S.-backed standard means that all the information on American passports can be read by anyone with an RFID reader, whether they are an identity thief, a terrorist trying to spot the Americans in a room or a government agent looking to vacuum up the identities of everyone at a political rally, gun show or mosque," said Laura Murphy, director of the ACLU's Washington, D.C., legislative office.
The ACLU also questioned the use of facial-recognition technology, which can be used to track people but is not foolproof when it comes to matching identity.
Required of foreign visitors
The U.S. government is already requiring 27 foreign countries to include biometrics in their passports in order for their citizens to continue to travel to the United States without a visa. The mandate was passed in 2002 as part of an effort to tighten border security after the Sept. 11, 2001, attacks.
Most of those countries, including the United Kingdom, have had trouble implementing the system and requested the deadline be postponed. Congress voted during the summer to extend the deadline one year to October 2005.
Now the State Department plans to expand that program to include U.S. passports, which were not part of the original legislation.
But it may only be a matter of time before countries required by the U.S. to issue biometric passports demand the same kind of passports from American visitors.
By the end of 2005, according to the plan, all American passports produced domestically will be biometric passports.
The new technology is set to go into diplomatic and official passports first, and move to all new and renewed regular passports around the middle of next year, said Kelly Shannon, spokeswoman in the State Department's Bureau of Consular Affairs.
The standard being used for U.S. passports was developed by the International Civil Aviation Organization (ICAO), a United Nations-affiliated group based in Montreal.
As the standard was being decided this year, privacy and security experts argued it should include features to protect the data, such as encryption or the addition of a printed bar code inside the passport to "unlock" the data.
Such features would let passport holders know who was reading their data and when. But the State Department so far has rejected proposals for encryption and other security measures.
Department officials said encryption would hinder interoperability of the system among the different countries using it and slow down already tedious border crossings.
It should function like RFID technology that monitors the flow of cars from a distance through automatic toll roads, for example.
Security expert Bruce Schneier, founder and chief technical officer of Counterpane Internet Security, said encryption would not solve security problems for the passport system.
Instead, he recommends a system that requires direct contact with the chip.
"The owner of the passport has to acquiesce to give the data to somebody," Schneier said.
If the passport has to touch the reader or be opened before it can be read, there is less chance for secret "skimming" of personal data. That is a growing concern as RFID technology becomes more widespread around the world, and readers can be produced inexpensively in devices as small as a mobile phone.
"The question comes down to why the government is fixating on this technology," Schneier said. "I cannot figure out a motive, unless they want to read it surreptitiously themselves."
Adding a computer chip to passports does not provide a means to track U.S. citizens, said State Department spokesman Kurtis Cooper. The information stored on the chip is the same as on the printed passport and will be used only to verify identity at ports of entry, he said.
As the system is further tested and developed, Cooper said, the department is looking for ways to "reduce further any risk that would compromise the privacy of the data as citizens use their passport."
Meanwhile, the Department of Homeland Security has started a pilot program to test biometric technology for foreign visitors at a dozen airports around the country, including Seattle-Tacoma International Airport.
The department awarded a multibillion-dollar contract in June to a consortium called the Smart Border Alliance to design and build the U.S. Visitor and Immigration Status Indicator Technology (US-VISIT) program, which makes use of biometrics.
The Smart Border Alliance, led by Accenture, includes Bellevue-based Saflink. Saflink provides software that replaces passwords with biometric identification such as fingerprints, voices or and facial characteristics. It takes the unique points of a fingerprint or a face and transfers them to a series of ones and zeros — a biometric "signature," allowing the signature stored in a chip or database to be compared with the one presented live.
"You're never going to have a perfect match between today and tomorrow," said Saflink marketing director Thomas Doggett. But false identifications can be reduced to a manageable level.
"With the paper-based system from the old world, it's too easy for intruders to manipulate documents," he said.
Smart-card identification technology has broader applications as a container to store information such as health records and access privileges, which Saflink is helping supply to the U.S. military.
In the future, the government may decide to add new biometrics or different, expanded technologies to U.S. passports.
The State Department requires the new passports to carry a 64-kilobyte chip, more capacity than is needed to hold current passport data.
Other technology could be added, such as a second digital photo, a digital fingerprint or an iris scan, to improve the accuracy of matches.
Travel guidebook author Edward Hasbrouck isn't waiting around for that. He's getting his passport renewed before the new system is in place and urging others to do the same. Passports are valid for 10 years.
Without better security, the new passports "couldn't be better suited to facilitate both surveillance and identity theft if they were designed for the purpose," he said.
Hasbrouck believes the new passports will enable "undetectable tracking and the identification of travelers, as well as secret, remote collection of all the data needed to create perfect passport forgeries."
One simple but effective solution may deter unwanted snoops, says Schneier: Cover the passport with aluminum foil. Radio frequencies have a hard time penetrating metal.
Kristi Heim: 206-464-2718 or firstname.lastname@example.org.
Copyright © 2004 The Seattle Times Company