Department of State Offers Update on Development of Electronic Passport

New rules apply to recording data on passport chip and reading data from that chip


   Based on that testing, the Department, in cooperation with the GPO, will include an anti-skimming material in the front cover and spine of the electronic passport that will mitigate the threat of skimming from distances beyond the ten centimeters prescribed by the ISO 14443 technology, as long as the passport book is closed or nearly closed.

   The Department will also implement Basic Access Control (BAC) to mitigate further any potential threat of skimming or eavesdropping. BAC recently has been adopted as a best practice by the ICAO New Technologies Working Group and will soon be formally added to the ICAO specifications. BAC utilizes a form of Personal Identification Number (PIN) that must be physically read in order to unlock the data on the chip. In this case, the PIN will be derived from the printed characters from the second line of data on the Machine-Readable Zone that is visibly printed on the passport data page. The BAC also results in the communication between the chip and the reader being encrypted, providing further protection.
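As an added illustration (not part of the Department's text), the following Python sketch applies the BAC key derivation published in ICAO Doc 9303 to show how the printed second MRZ line becomes the chip access keys. The sample line is the ICAO specimen document, not a real passport, and the function names are this example's own.

```python
import hashlib

# Constructed sample: specimen MRZ line 2 from the ICAO Doc 9303 worked example.
SAMPLE_MRZ_LINE2 = "L898902C<3UTO6908061F9406236ZE184226B<<<<<14"

def check_digit(field: str) -> int:
    """ICAO check digit: weights 7,3,1 repeating; A-Z = 10-35, '<' = 0."""
    total = 0
    for i, ch in enumerate(field):
        if "0" <= ch <= "9":
            value = int(ch)
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":
            value = 0
        else:
            raise ValueError(f"invalid MRZ character {ch!r}")
        total += value * (7, 3, 1)[i % 3]
    return total % 10

def mrz_information(line2: str) -> str:
    """Document number, birth date and expiry date, each with its check digit."""
    if len(line2) != 44:
        raise ValueError("passport MRZ line 2 must be 44 characters")
    parts = []
    for start, end in ((0, 9), (13, 19), (21, 27)):
        field, digit = line2[start:end], line2[end]
        # A misread line must fail here rather than yield keys the chip rejects.
        if not digit.isdigit() or check_digit(field) != int(digit):
            raise ValueError(f"check digit mismatch at columns {start + 1}-{end + 1}")
        parts.append(field + digit)
    return "".join(parts)

def _odd_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so every DES key byte has odd parity."""
    return bytes((b & 0xFE) | (bin(b & 0xFE).count("1") % 2 == 0) for b in key)

def derive_bac_keys(line2: str) -> dict:
    """Return the key seed and the two-key 3DES keys K_enc and K_mac."""
    k_seed = hashlib.sha1(mrz_information(line2).encode("ascii")).digest()[:16]
    def kdf(counter: int) -> bytes:
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return _odd_parity(digest[:16])
    return {"k_seed": k_seed, "k_enc": kdf(1), "k_mac": kdf(2)}

if __name__ == "__main__":
    for name, value in derive_bac_keys(SAMPLE_MRZ_LINE2).items():
        print(name, value.hex().upper())
```

Only the document number, date of birth and date of expiry (with their check digits) feed the keys, which is why the reader must first optically read the data page.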

   Shielding the reader or other measures associated with the chip reader can also minimize the possibility of eavesdropping. The Department of Homeland Security (DHS) is responsible for border inspections of travelers, and the provision and use of the equipment at U.S. ports of entry that will read the electronic passports. The DHS is working with NIST on reader security and communications issues.

   We believe that the measures described in this rule adequately address the concerns raised by comments regarding security and privacy.

Objections to the Use of the RFID Technology

   Some comments discussed a belief that the RFID technology is too faulty or otherwise inadequate to be used in passports. In particular, some comments asserted that the RFID technology could easily be hacked into or counterfeited, which would defeat its usefulness as a security measure. The Department is taking every measure to ensure that the RFID chips it uses are resistant to hacking and counterfeiting. The devices used in the U.S. electronic passport must be Evaluation Assurance Level 4+ certified or better. This third-party certification is commonly used with other government smartcard initiatives, and it provides assurance that the manufacturing process is auditable and secure.

   Additionally, the government conducts regular security audits of its vendor partners and their processes to maintain the security of its travel documents. Finally, the contactless smartcard chip used in the electronic passport will be securely inserted into a highly tamper-proof, newly redesigned travel document. The new passport document is itself highly tamper-resistant.

   According to certain comments, use of a contact chip would be preferable. However, contact chip technology was assessed and specifically excluded by the ICAO subcommittees during the development of their electronic passport specifications. Contact chip technology is primarily used in card formats, and does not easily adapt to fabrication in book-type formats. Contact technology requires the use of exposed contacts that need to make precise contact when inserted in a reader. Fabricating this technology in a book format in a way that facilitates reliable reading is problematic. Passports must be durable over their ten-year life. Passports using contact technology where a part of the passport book must be inserted into a reader would lead to enhanced wear and tear on the passport, thereby fostering unreliable passport book reading.

   Other comments suggested that the passport data should be encrypted. The passport data on the chip does not require encryption in order to be secure and protected. It is the same data that is visually displayed on the passport data page. Instead of encrypting data, BAC will permit an encrypted communication session with the reader that will provide similar protection without raising administrative key control issues.