Passport Chip Criticism Grows By Ryan Singel Story location: http://www.wired.com/news/privacy/0,1848,67066,00.html
02:00 AM Mar. 31, 2005 PT Business travel groups, security experts and privacy advocates are looking to derail a government plan to insert remotely readable chips in American passports, calling the chips homing devices for high-tech muggers, identity thieves and even terrorists. But the U.S. State Department, which plans to start issuing the new passports to citizens later this year, says its critics are overstating the risks. Officials say that the chips will cut down on passport forgery, improve security and speed up border crossings. The State Department is also adding technical features to prevent the radio-frequency identification devices, or RFID chips, in new passports from being "skimmed" by unauthorized readers, according to Frank Moss, the deputy assistant secretary for passport services at the State Department. "We will not issue passports to the American public without mitigating the risk of skimming," Moss said, calling the issue both a technical and a political problem. The 64-KB chips will include the information from the photo page of the passport, including name, date of birth and a digitized form of the passport picture. The chips include enough space so that fingerprints or iris prints can be added later. Border agents, using special readers, will be able to call up all the passport information included on the chips on a computer screen. They will also use facial-identification software and a digital camera to verify that the person presenting the passport is the person who was issued the passport. But Bill Scannell, a publicist and freelance civil liberties provocateur, thinks the risk is far greater than the State Department is admitting. On Monday, Scannell launched an internet campaign called RFID Kills to stop the government's plans. The site accuses the State Department of putting Americans abroad at risk, saying the chips "turn tourists into targets, and American business travelers will transmit their identities to kidnappers wherever they go." Scannell and some security experts suggest that the government should use other technology to make passports more secure, such as bar codes or chips that require physical contact to read and cannot be scanned from afar. More than 418 people visited Scannell's site by Wednesday afternoon to comment officially on the government proposal. While that may not seem a huge number, Scannell has a track record of delaying or derailing government efforts he considers invasive. A recent government report revealed that the 500 mostly negative comments on a government airline-screening proposal -- a large majority of which came through Scannell's UnSecureFlight.com website -- led to a substantial delay in the system's development. Two business travel groups -- the Business Travel Coalition and the Association of Corporate Travel Executives -- also announced their opposition to the chips Monday. "The thought that your travel documents could be broadcasting your nationality to those with an interest in harming U.S. citizens is bad enough," said ACTE President Greeley Koch in a written statement. "But it could also be pinpointing likely targets for pickpockets, thieves, and even providing information to steal." ACTE spokesman Jack Riepe said his group was "interested in anything that will promote travel security and convenience," but that the promised benefits of the passport chips were not worth putting U.S. citizens at risk. Security expert Jon Callas, the chief technical officer for PGP, a leading encryption vendor, thinks it's more likely that common criminals, rather than terrorists, will be the ones trying to read chips surreptitiously to pick out targets. For Callas, opposing the proposal is also about preserving the ability to maintain a low profile while traveling. "There are cheaper, safer alternatives," Callas said. "This is a case where a security measure is putting the people carrying it at risk. When I travel abroad, I spend a certain amount of effort trying to look inconspicuous, but nonetheless I carry my passport." The State Department's Moss, and even some who submitted comments through Scannell's website, think these concerns are overblown and that the benefits of RFID chips are clear. They point out that RFID chips use a digital signature algorithm that makes it nearly impossible to create a counterfeit card or alter the data on the chip. The chips are also designed only to be readable from 8 centimeters (about 3 inches) away when the passport is open, Moss said, adding "these are not like the RFID chips that control Wal-Mart's inventory." State Department contractors are looking to include some shielding, such as metal fibers in the passport cover, to keep the chips from being read when the passport is closed. But others say the passports could be read from much further, perhaps 10 meters (about 33 feet), if one used a stronger reader than the border guards have. Opponents also argue that the lack of encryption, which Moss said would slow down the processing of passports, adds another vulnerability. Lee Tien of the Electronic Frontier Foundation said the State Department has failed to make a case that the technology it is choosing is better than an optical card such as the ones being issued to individuals who frequently cross the U.S.-Mexico border. Other countries are also wrangling with the issue, as the United States is requiring all 27 countries whose citizens do not need visas to visit America to begin issuing these same types of passports by October. So far only Belgium has started production, and it is likely the deadline, which was originally October 2004, will be pushed back another year. You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
