Sweeping new State Department regulations issued Tuesday say that passports issued after that time will have tinyincluding the name, nationality, sex, date of birth, place of birth and digitized photograph of the passport holder. Eventually, the government contemplates adding additional digitized data such as "fingerprints or iris scans."
Over the last year, opposition to the idea of implanting amidst worries thatout of the air simply by aiming a high-powered antenna at a person or a vehicle carrying a passport. Out of the 2,335 comments on the plan that were received by the State Department this year, 98.5 percent were negative. The objections mostly focused on security and privacy concerns.
But the Bush administration chose to go ahead with embedding 64KB chips in future passports, citing a desire to abide by "globally interoperable" standards devised by the International Civil Aviation Organization, a United Nations agency. Other nations, including the United Kingdom and Germany, have .
In regulations published Tuesday, the State Department claims it has addressed privacy concerns. The chipped passports "will not permit 'tracking' of individuals," the department said. "It will only permit governmental authorities to know that an individual has arrived at a port of entry--which governmental authorities already know from presentation of non-electronic passports--with greater assurance that the person who presents the passport is the legitimate holder of the passport."
To address Americans' concerns about ID theft, the Bush administration said the new passports will be outfitted with "antiskimming material" in the front cover to "mitigate" the threat of the information being surreptitiously scanned from afar. It's not clear, though, how well the technique will work against high-powered readers that have been demonstrated to read RFID chips from about 160 feet away.
"The shielding in the passport is a physical device that basically, when the passport cover is closed, it's very difficult to read the chip," a State Department official, who did not wish to be identified by name, said Tuesday. The official was unable to provide details about the material's composition. The National Institute of Standards and Technology, which has been working to evaluate the chip's vulnerability to skimming, was unable to provide further information on Tuesday.
Privacy advocates told CNET News.com that the anti-skimming device was a decent start. But if the cover of the passport happens to be open, all bets are off, said Bill Scannell, a privacy advocate who founded the site RFIDkills.com. "They've built little baby radio stations into peoples' passports and covered it with concrete," he said, "but when the little hatch is open, you can still hear the music."
"It's better than nothing," Scannell went on, "but why take this risk?"
In addition, the passports will use "Basic Access Control," a reference to storing a pair of secret cryptographic keys in the chip inside. The concept is simple: The RFID chip disgorges its contents only after a reader successfully authenticates itself as being authorized to receive that information.
Computer scientists, however, have criticized that encryption method as flawed. In a recent paper (PDF here), RSA Laboratories' Ari Juels, and University of California's David Molnar and David Wagner, warned that the design of the encryption keys is insufficiently secure. They said that the use of a "single fixed key" for the lifetime of the e-passport creates a vulnerability.
The Bush administration could face an eventual legal challenge. A letter to the State Department from privacy groups (PDF here) says there is "no statutory authority" for the RFID passport because Congress has not authorized it.
"Our point is, whatever Congress may have meant in giving the State Department authority to issue passports was probably to issue passports that were like the old passports," said Lee Tien, staff attorney for the Electronic Frontier Foundation, which co-authored the comments. "But at some point you are doing something that is significantly different, which should probably require some sort of additional congressional authorization. The argument is how broadly does that authority go, and honestly, it's something no one knows."