E-passport Card Already Being Criticized in Industry

Experts divided on whether security is lacking for card


Washington is finally walking the walk when it comes to border security. That may not be a good thing, at least according to some critics.

Knowing just who is entering the country is a critical element of the homeland security initiatives passed by Congress in the aftermath of the 2001 terrorist attacks. No one disagrees with that premise.

By 2004, Congress approved the Intelligence and Terrorism Prevention Act requiring U.S. citizens and foreign nationals crossing U.S. borders to present a passport or other documents as proof of citizenship.

More importantly, Congress voted for the identification scheme to involve linking the passports and other documents to U.S. databases.

The lawmakers left the pesky details of privacy and security -- there were plenty -- to the bureaucrats.

First came the e-passports, which incorporate an RFID chip holding a digital photograph and the bearer's personal data. From a few inches away, a reader activates the chip and U.S. Customs officials can compare the information on the e-passport against what it has in its database.

The implementation of e-passports was delayed by more than two years of security and privacy criticisms but finally began rolling off the presses in August.

Now comes the "limited use passport card," for U.S. travelers returning by land or sea from Canada, Mexico, the Caribbean or Bermuda. Prior to the legislation, returning U.S. travelers from those countries did not need to present a passport.

Instead, Customs officials accepted a wide variety of documents issued by state or local authorities such as drivers' licenses and birth certificates, which prove identity but not necessarily U.S. citizenship.

No more: "Your papers, please!"

As proposed, the passport cards will be implemented over the next three years.

For the Department of Homeland Security and the Department of State, this presents some tough logistical problems.

According to a study by Bearing Point, approximately 23 million U.S. citizens cross the land border into Canada and Mexico nearly 130 million times each year. Another four million Americans travel to Canada and Mexico by air or sea, while two million travel to the Caribbean by air or sea.

Of the 23 million land border crossers, about half are frequent crossers. Almost all are traveling by automobile. Most do not have passports.

On any given day at a U.S. land border crossing, particularly between the U.S. and Mexico, the sea of cars resembles a football stadium parking lot on game day.

In other words, there's a lot of people and cars to move through Customs. To accommodate those crowds, DHS and State ditched the technology behind e-passports in favor of efficiently moving all those cars and people through Customs.

Instead of the short-range RFID used in e-passports, the government is going with vicinity (or long range) RFID for passport cards. The chip in the passport card can be read from at least 20 feet away.

As cars near the Customs checkpoint, a holder of the card can flash it to an overhead reader. When the car reaches the checkpoint, the information is ready on Customs' computer screen.

"Using long range RFID technology is a major step backwards for government-issued identity credentials," Randy Vanderhoof, executive director of the Smart Card Alliance, contends. "These RFID tags simply don't have the security features necessary to protect the border and also maintain citizen privacy."

Smart Card Alliance members, it should be noted, lost out on the passport card deal after securing the e-passport contracts.

Although the holder of the passport card must supply the same information as if applying for an e-passport (digital photo and personal data), the RFID chip on the passport card will only contain a "marker" or "pointer" to the bearer's info in the database.

This content continues onto the next page...