State considers more passport protections
- By Alice Lipowicz
- May 05, 2005
State Department officials are considering additional security measures as they prepare to implement new U.S. passports with embedded radio frequency identification chips.
The security measures include Basic Access Control technologies to shield passports from inadvertently transmitting data to unauthorized people, according to Smart Card Alliance Executive Director Randy Vanderhoof.
"Officials from the State Department have indicated that they are now strongly considering the use of BAC in the U.S. electronic passport, a security feature supported by contactless chip technology. We think that is the right approach," said Vanderhoof in a press release.
With Basic Access Control, a standard defined by the International Civil Aviation Organization, the communication of data by the RFID chip requires an extra step before the data is released. It needs keys to be processed within the chip before the release of the passport data to any reader.
The RFID-enabled passports, which are expected to be rolled out within the next year, have been criticized by privacy advocates for allegedly having the potential to be read by anyone employing a wireless reader from several feet away. That would likely endanger U.S. travelers from a threat of terrorists seeking to single out American tourists for harm, among other risks.
State Department officials have said the RFID passports would be readable at a distance of only four inches, but critics have raised doubts about those assertions.
"One of the key questions we want to answer is: how far away can these chips be read?" said Barry Steinhardt, director of the American Civil Liberties Union's Technology and Liberty Project, in an April 26 press release.
In the ACLU's own testing, the group found that RFID tags conforming to the same standard the State Department intends to follow could be read from at least three feet away, Steinhardt said.
With the uses of additional protections, passports should be safe from inadvertent data leakage, Vanderhoof said.
"The use of BAC and encryption, coupled with protective shielding in the passport cover to prevent activation of an unopened passport by a high-power radio frequency reader, overcomes this concern while maintaining all of the added security features that the new passport is intended to have," Vanderhoof said. He made his remarks at a conference of the Association of Corporate Travel Executives.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.