According to an article this week in PC World, it seems the US Passport Office is tuning in to the Fourth Law of Identity. We may not be out of the woods yet, but it it is encouraging to see that the Passport Office is listening to concerns by privacy experts and technologists about how Passport RFID, badly implemented, could cause many more problems that it solves. A number of us have been concerned that the original proposal offered new high tech weapons to terrorists and organized crime.
‘By October 2006, the U.S. government will require nearly all of the passports it issues to include a computer chip containing the passport holder's personal information, according to regulations published this week.
‘Starting in early 2006, the U.S. Department of State will begin issuing passports with 64-kilobyte RFID (radio frequency identification) chips that will contain the name, nationality, gender, date of birth, and place of birth of the passport holder, as well as a digitized photograph of that person.
‘The chip's contents will match the data on the paper portion of the passport, improving passport security by making it more difficult for criminals to tamper with passports, backers say. U.S. government efforts to make passports harder to forge began in response to the terrorist attacks on the United States on September 11, 2001.
‘After the State Department proposed last February to include RFID chips in passports, privacy groups such as the American Civil Liberties Union and the Electronic Frontier Foundation expressed concern. Because some RFID chips can be scanned remotely, criminals may be able to covertly scan groups of passport holders at airports, the EFF said in April. RFID passports could thus act as “terrorist beacons,” as well as indiscriminately exposing U.S. residents’ personal information to strangers.
For the record, I could not agree more with those expressing these concerns. It is a key responsibility of technologists to consider how what they are building can be misused by those with criminal intent. But so far, we don't seem very good at taking this responsibility. Our knee-jerk reaction is to label critics as lunatics in tinfoil hats. We should be learning about how to do a privacy threat analysis from the ACLU and EFF so we don't propose goofy technologies in the first place. And I for one applaud them for going to the mat on this issue.
‘In a letter commenting on the State Department proposal, the EFF argued that the agency lacked congressional authority to require RFID chips in passports.
‘”RFID in passports is a terrible idea, period,” said EFF senior attorney Lee Tien, in a posting to the EFF's Web site. “But on top of that, the State Department is acting without the appropriate authority and without conducting any form of credible cost-benefit analysis. It's asking Americans to sacrifice their safety and privacy ‘up front’ for a dangerous experiment that it hasn't even bothered to justify.”
‘The State Department received 2335 public comments on its February proposal to introduce electronic passports. More than 98 percent of the comments were negative, the State Department said, and most of them raised issues about security and privacy.
Note for others involved in similar schemes: If the Passport proposal had taken the Fourth Law of Identity into account from the get-go, most of these 2288 negative comments wouldn't have landed at their door.
‘In the passport rules it released Tuesday, the State Department said that it was taking several security precautions. The RFID chips will use encrypted digital signatures to prevent tampering; and they will be so-called passive RFID chips, which do not broadcast personal information unless within inches of an RFID reader machine. To protect against data leaks, the e-passports will come with an “antiskimming” material that blocks radio waves on the passport's back and spine, the State Department notice said.
‘The new passports would comply with an International Civil Aviation Organization specification on e-passports, the State Department said.
‘Though the State Department moved away from its earlier proposal of a self-powered RFID chip in favor of a passive one that relies on a reader machine's power, privacy concerns remain, said Barry Steinhardt, director of the ACLU's Technology and Liberty Program. Steinhardt called the State Department's security measures a “step forward,” but he said bar codes could be used to match electronic data with paper data on passports.
“It still raises the question [of] whether or not this is an appropriate technology,” Steinhardt said. “There are still some essential concerns about whether this is secure or not.”
I agree with Barry that we need more technical analysis by radio experts to know the extent to which these initiatives address the problem. But having scrapped the active tags and included the shielding, we know the scheme is qualitatively less dangerous than it was six months ago. Still, I would like to see the passport information protected from improper release through cryptography.
Neville Pattinson, director of technology and Government affairs for Texas RFID card vendor Axalto, praised the State Department's changes, including the passive chips and antiskimming materials. “This is a fine example of the government listening to public opinion and adopting technology that protects citizen's privacy,” he said. “With the changes, information cannot be extracted from it.”
I agree that the Passport Office already deserves credit for listening, unlike some more stubborn entities in various national governments who don't seem to care at all about the dangers of their proposals. It seems like the scheme is becoming a lot safer – and I hope the improvement can continue.
Companies like Axalto have such great technology that they could make a passport chip that would not respond unless triggered by a reader with a valid “inquiry coupon”. In fact, they may already have such capabilities. What would an inquiry coupon look like? It would be cryptographically signed by the US State Department and grant the operator of a reader permission to query American passports. This kind of a system would really bring the system into accord with the Fourth Law.
Of course a proposal like this would require an upgrade to the International Civil Aviation Organization specification on e-passports. The sooner we get to this, the sooner we can move toward real, long term, solutions.