Passport RFIDs are secure, State official says
- By Alice Lipowicz
- May 26, 2005
The nation's new passports with radio-frequency identification tags will be well-protected from identity theft by a combination of a physical barrier, protections on the equipment used to read the tags and possibly encryption and other security measures, according to Frank Moss, deputy assistant secretary for passport services at the State Department.
"We have not only belts and suspenders, but I think we have a rope, too!" Moss told Washington Technology. "I'm not going to start rolling this out until we've answered the privacy concerns."
At the same time, however, Moss acknowledged that State Department testing has shown that the RFID tags can be read at distances nearly 10 times greater than what the department had asserted in the past. Until recently, department officials had said the maximum reading distance for the RFID tag was about four inches.
Moss said an RFID passport tag theoretically could be read from as far away as 40 inches, but only by extremely high-voltage readers with electronic beams that would "do physical damage" to anyone standing in their path.
"It would be like pointing a microwave oven at someone," Moss said. "I think it would be in the range of 1,000 watts."
However, he said, the RFID passport tags also could be read "feasibly" without such large amounts of power at distances of up to 24 inches.
The State Department plans to invite RFID industry members and privacy advocates to its laboratory in Colorado this summer to review the results of the testing, Moss said. No date has been set.
RFID tags are tiny computer chips containing data, which can be placed on identification documents. In the passport version, also known as a contactless chip, the chips contain microprocessors that store and wirelessly transmit data to a reader via a radio frequency.
The new passports, which are scheduled to be deployed in late summer, have been controversial because of concerns about identity theft and loss of privacy: anyone using a reader up to several feet away might gain unauthorized access to the data. That would likely expose U.S. travelers to the threat of terrorists seeking to single out American tourists for harm, among other risks.
The State Department will employ a physical barrier around the passport and holder so that it cannot transmit radio frequencies when closed, and will coordinate with the Homeland Security Department's readers, which will utilize encryption, Moss said.
In addition, the department is considering Basic Access Control measures to encrypt the communication between the chip and the reader, he said.
The new passports will contain only the information that is now included on the pass, including name, birth date and a digitized photo image of one's face, Moss said. It will not have fingerprints, Social Security numbers, home addresses or telephone numbers, he said.
"This passport represents a fundamental improvement in passport security," Moss said.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.