Its hardly surprising that privacy and security advocates have raised concerns ever since the State Department announced that passports would soon include RFID technology. Some people are ready to oppose anything the government does.
But they have a point.
These passports, which the government began distributing in August, contain an RFID chip which transmits all of the data in the passport, including the picture, to a reader device.
Use a little imagination, throw in government incompetence and some malicious intent and its not hard to see abuses happening.
Responsible analysts acknowledge that the government has taken at least some precautions to protect the privacy of the data, even if they argue that its not enough.
Im satisfied that many of the concerns about the technology stretch beyond reasonableness. Im especially unimpressed with the report from Flexilis on a vulnerability in the technology. (You might remember Flexilis as the company that designed the BlueSniper Bluetooth Rifle.)
Briefly put, they say that the RFID chip can be read in close proximity if the passport is slightly open, as it might be in a holders pocket.
They envision Americans brushing by bombs that automatically explode when their passport is read. Make sure to view Flexiliss YouTube video on the subject.
As opposed as I am to the wanton murder of Americans, of which I count myself as one, it seems to me that recent history shows there are easier and simpler ways to murder us. And there are better reasons to oppose e-passports.
I have to agree with Kevin Ashton, the co-founder of MITs Auto ID-Labs, which gave birth to EPCglobal, the international network for tracking items through a supply chain using RFID.
He argues that if RFID is in passports at all, it should be implemented the way EPCGlobal does it: all the chip stores is a unique code.
EPCGlobal defines a key numbering system, which is implemented in practice by Verisign, so that items can be tracked through out the supply-chain world-wide.
Readers can read the chips anywhere and use the number as a database key for lookups, or simply report it on to some database for tracking of its movements.
The e-passports transmit all of the actual data in the passport, including the picture. Ashton argues, and I have to agree, that there is no need for a passport to transmit anything more than the unique key. Authorities with access to the database can do a lookup.
Ashton also says that theres no need for most of the printed data on a passport, just the photo, but this seems like an overreaction to me. There are plenty of authorities with a reasonable right to rely on the passport and with no access to the database.
The State Department says that Congress mandated some sort of electronic component in passports, storing at least the picture, in order to facilitate face recognition technology. They also claim that it will speed up travel procedures.
The convenience factor doesnt seem compelling. Surely someone has to scrutinize the data whether they are looking at a physical passport or at a screen. And passport printed data is in such a regular form that it could be scanned and OCRd quickly.
Im not sure I understand the face recognition goal either. Do they intend to compare the digital photo in the passport to the photo of the person holding it? That needs to be done by a person anyway.
There is some logic to this argument, and it argues for having the data in the passport for performance purposes, but the logic is tenuous. If they mean to compare the photo to some database, that can be done offline, since the passport photos are clearly in some database at the State Department.
Im not usually as concerned with privacy issues as Bruce Schneier and that group, but I have to agree with him on this one: “I havent seen any compelling reasons why we are doing this.”
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
More from Larry Seltzer