Plans to use long read range RFID technology in a new border crossing card, the latest on the U.S. electronic passport and the re-emergence of a registered traveler program, were among the news highlights at the Smart Card Alliance's 5th Annual Smart Cards in Government Conference and Exhibition yesterday. Interest in government identity programs and technologies pushed attendance to a record level, attracting more than 600 government and technology leaders.
A new travel document to expedite land border crossings may include embedded RFID chips that can be read at a distance up to 30 feet, Jim Williams, director of the U.S. Visit Program, Department of Homeland Security, told conference attendees.
The announcement created debate, however, as many meeting attendees questioned the privacy and security protections afforded by the RFID technology proposed for the new identity document, called the PASS card (People Access Security Services). Conference attendees who commented during the question and answer period urged DHS to consider contactless smart chip technology, like that used in the State Department's new electronic passport, in order to achieve additional privacy protections and security measures. Contactless smart card technology also uses radio frequency for communications, but is based on microprocessors with built-in security features, capabilities that are not present in typical long read range RFID chips.
Driven by the Western Hemisphere Travel Initiative signed by the United States, Mexico and Canada and a federal mandate that requires a passport or an alternative document to cross these borders starting in 2008, the State Department and DHS are working together to define the PASS card technology and the process for issuing them. The State Department would be responsible for issuing the new documents. According to Williams and Frank Moss, deputy assistant secretary of state for passport services, who presented later in the conference program, both long-range RFID technology and contactless smart chip technology are still being evaluated for the PASS card. "State and Homeland Security are still resolving if this will be a proximity or distance read," said Moss.
Providing the document as a card that can be carried in the wallet will make it convenient to carry and use. To increase security, DHS plans to use a digital facial image as a biometric, so border agents can make sure the person carrying the credential is the one to whom it was issued.
But with $1.8 billion in trade crossing the border every day, DHS needs to balance the goals of security and privacy protection with economic efficiency, which translates into a requirement for fast throughput at the land borders.
To speed things up, the current thinking at DHS is that they would use some form of RFID that could be read from up to 30 feet away, so when individuals get to the checkpoint their information has been pre-loaded for the agent to see. The card would contain a number that is a "pointer" to a confidential record on a secure central database with the information about the cardholder, including a facial biometric.
According to Williams, security and privacy is assured by the fact that any personal information is stored remotely, and no personal information is broadcast. DHS is currently testing such technology, although test results have not yet been released.
Nonetheless, questions and comments at the meeting showed a strong concern to make sure everything is done in a privacy-sensitive way.
One problem Williams sees with contactless smart card technology, however, is that the read range is only a couple of inches, and customs and border agents are concerned about throughput and people dropping cards or sticking their arms out of the car.
"We're very sensitive to privacy, but we're concerned about backups at entry points, too," said Williams.
Williams also reported that since January 2004, the U.S. Visit program has screened 53 million border crossings and stopped more than 1,000 people at the border. Sharing the data with the State Department for screening people has paid off, too. "They have had 16,500 biometric hits on people. These are people that have done something wrong," he said.
"This month, the electronic passports went into pilot production," Moss announced at the conference. "We expect to start issuing tourist e-passports in August."
Explaining why the program took longer to implement than planned, Moss said the passport was completely re-designed and the adjudication process strengthened. State also added a number of security features to the electronic passport over the last year, including an anti-skimming material woven into the covers that greatly restricts reading the contactless smart chip in the passport when the cover is closed. There is also a printed data key inside the cover that must be scanned to unlock the ability to read the passport information.
"We went back to the drawing board and took a belt-and-suspenders approach to protect the identity and privacy of Americans," said Moss.
The United States is the world's biggest issuer of passports, bigger than No. 2 U.K. and No. 3 Germany combined. "This year we will issue about 13 million, and we expect to reach 17 million in 2008," Moss said.
The new electronic passport is based on international standards. It includes contactless smart chip technology with anti-forging features and a digital photograph to ensure the person carrying the passport is really the one to whom it was issued.
This week, the Transportation Security Agency is expected to announce new standards for registered traveler programs that will be privately managed and selected locally by airports, according to Carter Morris, senior vice president of transportation security policy at the American Association of Airport Executives.
The TSA hopes the program will streamline airport security processing by allowing people to be pre-screened, qualifying them for an expedited screening process. This could be a big benefit to all travelers, since 8% of air travelers represent 40% of air traffic, according to Morris.
The AAAE organized the Registered Traveler Interoperability Consortium, a group of more than 70 airports representing 80% of all passenger capacity. All of the members agreed to do business the same way, and follow the rules for technical interoperability and finances established by the TSA and the consortium.
"We took a collaborative approach, and we hope that it bears fruit," said Morris.
Other Conference Topics
Speakers also covered HSPD-12 implementation, e-government trends, international smart ID card programs and the status of NIST testing for government Personal Identity Verification (PIV) cards.