Despite a scathing critique by the American Civil Liberties Union, a U.S. State Department official promised his agency was taking measures to protect data on proposed U.S. electronic passports.
Late last week, the ACLU accused the U.S. government of rushing the rollout of insecure, RFID-enabled passports in hopes of creating a de facto global identification standard that could be used for surveillance.
On November 1, 2004, the Government Printing Office awarded four contracts to produce prototypes of RFID-enabled passports for initial tests. The new passport will contain an active RFID tag containing all the data found on printed passports, including a digital photo.
"We have an elaborate process of testing underway," said Frank Moss, Deputy Assistant Secretary of Passport Services for the State Department's Bureau of Consular Affairs. He said the four contractors will provide test quantities of passport covers containing RFID chips that will be evaluated for durability both in the printing process and during actual use, for the ability to write data to them and what he called "security considerations."
The ePassport initiative complies with requirements of the Enhanced Border Security and Visa Act, enacted in 2002. Twenty-five countries are required to provide machine-readable passports that include biometric identifiers. The four contractors participating in the first phase of the three-phase project are the team of consulting firm BearingPoint and SuperCom, an Israeli company; Axalto, a French supplier; and SuperCom on its own. Executives of the companies did not immediately respond or were not available to comment.
Moss said the ePassports will conform to an international standard for electronic identification data approved by the International Civil Aviation Organization (ICAO). The ICAO's standard specifically precludes encryption of the data or the use of authentication methods to access it -- and it's the combination of unencrypted data and the contactless reading system that has privacy and security experts up in arms.
The ACLU criticized the State Department for insisting over the objections of other countries that data written to the chips be clear and unencrypted, publishing documents obtained under the Freedom of Information Act in support of that claim.
But Moss denied that the U.S. had asserted its own agenda for unencrypted RFID data, saying that encryption would get in the way of global interoperability. "ICAO for decades has had a program to improve travel document security. One way to do that is through standardization," he said.
Bruce Schneier, a security technologist and the author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World , doesn't buy the State Department's explanation.
"Using RFID instead of contact chips is a really bad thing," Schneier said. "The U.S. snuck that in. They take a policy they can't sell at home, push it in international standards organizations, and then go back to the U.S. and say we have to do this because it's a standard."
Moss pointed out that the information to be contained in the chips is exactly what is already printed on the passport paper and contained in the magnetic strip. "In no way does including an integrated circuit make it into a homing or tracking device," he said.
However, according to Schneier, unencrypted data from an ePassport can easily be "skimmed" by anyone in the area with a reader, because the passports are continuously broadcasting their name, nationality, age and address.
Worse, the ACLU points to the Pentagon's controversial Total Information Awareness initiative aims to create "ultra-large-scale" database technologies with the goal of "treating the world-wide, distributed, legacy databases as if they were one centralized database." With the data standardization in electronic passport chips planned by ICAO, privacy advocates fear individual countries' border control information could easily be transferred into such an ultra-large-scale data repository.