New RFID travel cards could pose privacy threat

Jim Williams, director of the Department of Homeland Security's US-VISIT program, told a smart card conference here that such tracking chips could be inserted into the new generation of wallet-size identity cards used to ease travel by Americans to Canada and Mexico starting in 2008. Those chips use radio frequency identification technology, or RFID.

"If you haven't been to some of our busiest land crossings, I always refer to them as economic choke points...We ought to use technology to improve that," said Williams, whose office operates the biometric program used to verify that the fingerprint of a person using a U.S. visa to cross a U.S. border matches that of the person who was issued the visa.

Williams' remarks at an industry conference are likely to heighten privacy concerns about RFID technology, which has drawn fire from activists and prompted hearings before the U.S. Congress and the Federal Trade Commission. One California politician has even introduced anti-RFID legislation.

Many of the privacy worries center on whether RFID tags--typically miniscule chips with an antenna a few inches long that can transmit a unique ID number--can be read from afar. If the range is a few inches, the privacy concerns are reduced. But at ranges of 30 feet, the tags could theoretically be read by hidden sensors alongside the road, in the mall or in the hands of criminals hoping to identify someone on the street by his or her ID number.

Williams defended a remotely readable RFID'ed identity card to audience members who suggested selecting one that could be scanned from only a few inches away. Border police oppose that idea because "they're concerned about people dropping cards, about people sticking their hands out the window," he said. "They don't think that meets their mission needs"--that is, speeding up the border-crossing process.

Those forthcoming cards, called "PASS" (for People Access Security Service), are part of a federal requirement that, starting Jan. 1, 2008, anyone entering the United States from Mexico or Canada must carry a passport or "alternative" travel document. Homeland Security envisions that document will take the form of a "vicinity-read" wallet-size card that will capture information from a distance and automatically display the cardholder's picture and other biographic information on the border agent's computer screen.

Homeland Security has said, in a government procurement notice posted in September, that "read ranges shall extend to a minimum of 25 feet" in RFID-equipped identification cards used for border crossings. For people crossing on a bus, the proposal says, "the solution must sense up to 55 tokens."

The notice, unearthed by an anti-RFID advocacy group, also specifies: "The government requires that IDs be read under circumstances that include the device being carried in a pocket, purse, wallet, in traveler's clothes or elsewhere on the person of the traveler....The traveler should not have to do anything to prepare the device to be read, or to present the device for reading--i.e., passive and automatic use."

An internal agency spat?
But Homeland Security could run into some internal opposition in the form of the State Department, which appears to be leaning toward the "proximity" method instead of remotely readable RFID'ed identity cards.

"We think proximity read offers greater security protections," Frank Moss, deputy assistant secretary of state for passport services, said Tuesday. That method would also have a better chance of getting past the scrutiny of privacy advocates in the requisite rule-making process, added Moss, who joked that he had been labeled the "anti-Christ" by one person who commented on the State Department's e-passport proposals.

RFID chips are already going to appear in U.S. passports starting in October 2006, the Bush administration ruled last October. And the possibility of RFID-implanted drivers' licenses because of the Real ID Act has caused New Hampshire's House of Representatives to disavow the proposal entirely.

Moss ticked off a list of reasons why Americans shouldn't be concerned about the safety of RFID'ed passports any longer. He admitted the State Department was wrong to claim last year that the e-passport chips could be read within only 10 centimeters. He credited the scathing comments from privacy watchdogs for the agency's decision to adopt two safeguards: a cryptographic technique known as basic access control and "antiskimming material" on the passport's front cover, which "greatly complicates" the capture of data when the book is fully or mostly closed, Moss said.

The government agencies said they need to reach an agreement on the RFID technology they'll use in the next month so that they can begin soliciting proposals from private firms for the chip's design. They hope to begin producing the PASS cards no later than nine months from now, Moss said.

"What we're putting in the card is possibly nothing but a 96-digit serial number that is random and would do nothing but point back to a database...someone would have to hack into our database at the same time," Homeland Security's Williams said, adding that the agency is considering delivering the cards in a "Mylar sleeve that would block the technology when people aren't using it." They're also exploring using a card that would have to be activated by the user, through a fingerprint or some other biometric method, before any information could be read remotely.