Plans to use long read range RFID technology in a new border crossing card, the latest on the U.S. electronic passport and the re-emergence of a registered traveler program, were among the news highlights at the Smart Card Alliance's 5th Annual Smart Cards in Government Conference and Exhibition yesterday. Interest in government identity programs and technologies pushed attendance to a record level, attracting more than 600 government and technology leaders.
A new travel document to expedite land border crossings may include embedded RFID chips that can be read at a distance up to 30 feet, Jim Williams, director of the U.S. Visit Program, Department of Homeland Security, told conference attendees.
The announcement created debate, however, as many meeting attendees questioned the privacy and security protections afforded by the RFID technology proposed for the new identity document, called the PASS card (People Access Security Services). Conference attendees who commented during the question and answer period urged DHS to consider contactless smart chip technology, like that used in the State Department's new electronic passport, in order to achieve additional privacy protections and security measures. Contactless smart card technology also uses radio frequency for communications, but is based on microprocessors with built-in security features, capabilities that are not present in typical long read range RFID chips.
Driven by the Western Hemisphere Travel Initiative signed by the United States, Mexico and Canada and a federal mandate that requires a passport or an alternative document to cross these borders starting in 2008, the State Department and DHS are working together to define the PASS card technology and the process for issuing them. The State Department would be responsible for issuing the new documents. According to Williams and Frank Moss, deputy assistant secretary of state for passport services, who presented later in the conference program, both long-range RFID technology and contactless smart chip technology are still being evaluated for the PASS card. "State and Homeland Security are still resolving if this will be a proximity or distance read," said Moss.
Providing the document as a card that can be carried in the wallet will make it convenient to carry and use. To increase security, DHS plans to use a digital facial image as a biometric, so border agents can make sure the person carrying the credential is the one to whom it was issued.
But with $1.8 billion in trade crossing the border every day, DHS needs to balance the goals of security and privacy protection with economic efficiency, which translates into a requirement for fast throughput at the land borders.
To speed things up, the current thinking at DHS is that they would use some form of RFID that could be read from up to 30 feet away, so when individuals get to the checkpoint their information has been pre-loaded for the agent to see. The card would contain a number that is a "pointer" to a confidential record on a secure central database with the information about the cardholder, including a facial biometric.
According to Williams, security and privacy is assured by the fact that any personal information is stored remotely, and no personal information is broadcast. DHS is currently testing such technology, although test results have not yet been released.
Nonetheless, questions and comments at the meeting showed a strong concern to make sure everything is done in a privacy-sensitive way.
One problem Williams sees with contactless smart card technology, however, is that the read range is only a couple of inches, and customs and border agents are concerned about throughput and people dropping cards or sticking their arms out of the car.